9.3
CVE-2026-9142
- EPSS 0.31%
- Veröffentlicht 19.06.2026 13:41:26
- Zuletzt bearbeitet 25.06.2026 14:40:14
- Quelle security@ni.com
- CVE-Watchlists
- Unerledigt
Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ni ≫ Instrumentstudio Version <= 2025
Ni ≫ Instrumentstudio Version2026 Updateq1
Ni ≫ Instrumentstudio Version2026 Updateq2
Ni ≫ Ni Grpc Device Server Version < 2.18.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.222 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@ni.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| security@ni.com | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html
https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562