National Instruments (NI) VeriStand 2014

CPE Details

National Instruments (NI) VeriStand 2014
ni
veristand
2014
2023-11-16
11h48 +00:00
2023-11-16
11h48 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ni:veristand:2014:*:*:*:*:*:*:*

Informations

Vendor

ni

Product

veristand

Version

2014

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-6806 2024-07-22 21h03 +00:00 The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.
9.8
Critical
CVE-2024-6805 2024-07-22 21h00 +00:00 The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.
9.8
Critical
CVE-2024-6794 2024-07-22 20h50 +00:00 A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
9.8
Critical
CVE-2024-6793 2024-07-22 20h47 +00:00 A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
9.8
Critical
CVE-2024-6791 2024-07-22 20h38 +00:00 A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.
7.8
High
CVE-2023-5136 2023-11-08 15h24 +00:00 An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.