7.8
CVE-2024-1156
- EPSS 0.14%
- Published 20.02.2024 15:15:09
- Last modified 12.02.2025 18:50:02
- Source security@ni.com
- Teams watchlist Login
- Open Login
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
Data is provided by the National Vulnerability Database (NVD)
Emerson ≫ Data Record Ad Version <= 2.0.1
Emerson ≫ Flexlogger Version <= 2022_q3
Emerson ≫ G Web Development Software Version <= 2022_q3
Emerson ≫ Labview Nxg Version5.1 SwEditioncommunity
Emerson ≫ Labview Nxg Version5.1 SwEditionreal-time_module
Emerson ≫ Labview Nxg Version5.1 SwEditionweb_module
Emerson ≫ Specification Compliance Manager Version <= 2023_q4
Emerson ≫ Static Test Software Suite Version <= 1.2
Emerson ≫ Sts Software Bundle Version <= 21.0
Emerson ≫ Systemlink Server Version < 2024_q1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.344 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@ni.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.