7.8
CVE-2024-1155
- EPSS 0.11%
- Veröffentlicht 20.02.2024 15:15:09
- Zuletzt bearbeitet 12.02.2025 18:50:24
- Quelle security@ni.com
- Teams Watchlist Login
- Unerledigt Login
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Emerson ≫ Data Record Ad Version <= 2.0.1
Emerson ≫ Flexlogger Version <= 2022_q3
Emerson ≫ G Web Development Software Version <= 2022_q3
Emerson ≫ Labview Nxg Version5.1 SwEditioncommunity
Emerson ≫ Labview Nxg Version5.1 SwEditionreal-time_module
Emerson ≫ Labview Nxg Version5.1 SwEditionweb_module
Emerson ≫ Specification Compliance Manager Version <= 2023_q4
Emerson ≫ Static Test Software Suite Version <= 1.2
Emerson ≫ Sts Software Bundle Version <= 21.0
Emerson ≫ Systemlink Server Version < 2024_q1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.298 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@ni.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.