7.8
CVE-2024-1155
- EPSS 0.11%
- Published 20.02.2024 15:15:09
- Last modified 12.02.2025 18:50:24
- Source security@ni.com
- Teams watchlist Login
- Open Login
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
Data is provided by the National Vulnerability Database (NVD)
Emerson ≫ Data Record Ad Version <= 2.0.1
Emerson ≫ Flexlogger Version <= 2022_q3
Emerson ≫ G Web Development Software Version <= 2022_q3
Emerson ≫ Labview Nxg Version5.1 SwEditioncommunity
Emerson ≫ Labview Nxg Version5.1 SwEditionreal-time_module
Emerson ≫ Labview Nxg Version5.1 SwEditionweb_module
Emerson ≫ Specification Compliance Manager Version <= 2023_q4
Emerson ≫ Static Test Software Suite Version <= 1.2
Emerson ≫ Sts Software Bundle Version <= 21.0
Emerson ≫ Systemlink Server Version < 2024_q1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.298 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@ni.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.