Vulnerability Details CVE-2024-6791
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.6%
CVSS Severity
CVSS v3 Score 7.8
References
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html
Products affected by CVE-2024-6791
-
cpe:2.3:a:ni:veristand:2013
-
cpe:2.3:a:ni:veristand:2014
-
cpe:2.3:a:ni:veristand:2015
-
cpe:2.3:a:ni:veristand:2016
-
cpe:2.3:a:ni:veristand:2017
-
cpe:2.3:a:ni:veristand:2018
-
cpe:2.3:a:ni:veristand:2019
-
cpe:2.3:a:ni:veristand:2020
-
cpe:2.3:a:ni:veristand:2021
-
cpe:2.3:a:ni:veristand:2023
-
cpe:2.3:a:ni:veristand:2024