Vulnerabilites related to emerson - sts_software_bundle
Vulnerability from fkie_nvd
Published
2024-02-20 15:15
Modified
2025-02-12 18:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emerson | data_record_ad | * | |
| emerson | flexlogger | * | |
| emerson | g_web_development_software | * | |
| emerson | labview_nxg | 5.1 | |
| emerson | labview_nxg | 5.1 | |
| emerson | labview_nxg | 5.1 | |
| emerson | specification_compliance_manager | * | |
| emerson | static_test_software_suite | * | |
| emerson | sts_software_bundle | * | |
| emerson | systemlink_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emerson:data_record_ad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2267E001-7C8A-4E3C-BAA3-C4108CDC2C11",
"versionEndIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:flexlogger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A05CEECE-4F09-4875-97F5-D419044299B8",
"versionEndIncluding": "2022_q3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:g_web_development_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4008CF-D7BB-4400-AF25-69A468E0274F",
"versionEndIncluding": "2022_q3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:community:*:*:*",
"matchCriteriaId": "E84E23D5-04EB-4B73-B335-AD1F9ECA6166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:real-time_module:*:*:*",
"matchCriteriaId": "25474D7C-8523-49BF-8D83-5D82A0D95FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:web_module:*:*:*",
"matchCriteriaId": "06AE0E0E-8E3C-416F-97EC-308FB2953B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:specification_compliance_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B58D78-41AA-484A-A184-DFA999ED504B",
"versionEndIncluding": "2023_q4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:static_test_software_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "338BAA7F-884C-41D8-B131-9E2C2FD46DC6",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:sts_software_bundle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B018440C-809C-4E30-9A08-AAF79D7D280E",
"versionEndIncluding": "21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:systemlink_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95CF6EFB-FED4-428A-8CE5-AAE9D12A64FB",
"versionEndExcluding": "2024_q1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
},
{
"lang": "es",
"value": "Los permisos de directorio incorrectos para el servicio NI RabbitMQ compartido pueden permitir que un usuario autenticado local lea la informaci\u00f3n de configuraci\u00f3n de RabbitMQ y potencialmente habilitar la escalada de privilegios."
}
],
"id": "CVE-2024-1156",
"lastModified": "2025-02-12T18:50:02.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T15:15:09.910",
"references": [
{
"source": "security@ni.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "security@ni.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-20 15:15
Modified
2025-02-12 18:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emerson | data_record_ad | * | |
| emerson | flexlogger | * | |
| emerson | g_web_development_software | * | |
| emerson | labview_nxg | 5.1 | |
| emerson | labview_nxg | 5.1 | |
| emerson | labview_nxg | 5.1 | |
| emerson | specification_compliance_manager | * | |
| emerson | static_test_software_suite | * | |
| emerson | sts_software_bundle | * | |
| emerson | systemlink_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emerson:data_record_ad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2267E001-7C8A-4E3C-BAA3-C4108CDC2C11",
"versionEndIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:flexlogger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A05CEECE-4F09-4875-97F5-D419044299B8",
"versionEndIncluding": "2022_q3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:g_web_development_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4008CF-D7BB-4400-AF25-69A468E0274F",
"versionEndIncluding": "2022_q3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:community:*:*:*",
"matchCriteriaId": "E84E23D5-04EB-4B73-B335-AD1F9ECA6166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:real-time_module:*:*:*",
"matchCriteriaId": "25474D7C-8523-49BF-8D83-5D82A0D95FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:web_module:*:*:*",
"matchCriteriaId": "06AE0E0E-8E3C-416F-97EC-308FB2953B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:specification_compliance_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B58D78-41AA-484A-A184-DFA999ED504B",
"versionEndIncluding": "2023_q4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:static_test_software_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "338BAA7F-884C-41D8-B131-9E2C2FD46DC6",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:sts_software_bundle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B018440C-809C-4E30-9A08-AAF79D7D280E",
"versionEndIncluding": "21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emerson:systemlink_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95CF6EFB-FED4-428A-8CE5-AAE9D12A64FB",
"versionEndExcluding": "2024_q1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \n"
},
{
"lang": "es",
"value": "Los permisos incorrectos en los directorios de instalaci\u00f3n para los servicios compartidos basados en SystemLink Elixir pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-1155",
"lastModified": "2025-02-12T18:50:24.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@ni.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T15:15:09.703",
"references": [
{
"source": "security@ni.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
],
"sourceIdentifier": "security@ni.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "security@ni.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-1156 (GCVE-0-2024-1156)
Vulnerability from cvelistv5
Published
2024-02-20 14:37
Modified
2024-08-26 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NI | SystemLink Server |
Version: 0 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:24.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ni:flexlogger:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flexlogger",
"vendor": "ni",
"versions": [
{
"lessThanOrEqual": "2022_q3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ni:systemlink:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "systemlink",
"vendor": "ni",
"versions": [
{
"lessThanOrEqual": "2023_q3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T16:33:13.523683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T16:53:40.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SystemLink Server",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2023 Q3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FlexLogger",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2022 Q3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
}
],
"value": "Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T14:37:07.095Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2024-1156",
"datePublished": "2024-02-20T14:37:07.095Z",
"dateReserved": "2024-02-01T14:26:04.700Z",
"dateUpdated": "2024-08-26T16:53:40.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1155 (GCVE-0-2024-1155)
Vulnerability from cvelistv5
Published
2024-02-20 14:34
Modified
2024-08-01 18:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NI | SystemLink Server |
Version: 0 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T18:08:51.196119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:58.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SystemLink Server",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2023 Q3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FlexLogger",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2022 Q3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \u003cbr\u003e"
}
],
"value": "Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T14:34:08.556Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect permissions for shared NI SystemLink Elixir based services",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2024-1155",
"datePublished": "2024-02-20T14:34:08.556Z",
"dateReserved": "2024-02-01T14:25:54.006Z",
"dateUpdated": "2024-08-01T18:26:30.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}