Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-1156

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.

Published

2024-02-20T15:15:09.910

Last Modified

2025-02-12T18:50:02.210

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-276
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emerson	data_record_ad	≤ 2.0.1	Yes
Application	emerson	flexlogger	≤ 2022_q3	Yes
Application	emerson	g_web_development_software	≤ 2022_q3	Yes
Application	emerson	labview_nxg	5.1	Yes
Application	emerson	labview_nxg	5.1	Yes
Application	emerson	labview_nxg	5.1	Yes
Application	emerson	specification_compliance_manager	≤ 2023_q4	Yes
Application	emerson	static_test_software_suite	≤ 1.2	Yes
Application	emerson	sts_software_bundle	≤ 21.0	Yes
Application	emerson	systemlink_server	< 2024_q1	Yes

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html Exploit, Vendor Advisory ([email protected])
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)