CVE-2024-1155

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1155
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html Exploit Vendor Advisory
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:emerson:specification_compliance_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:sts_software_bundle:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:data_record_ad:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:community:*:*:*
cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:real-time_module:*:*:*
cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:web_module:*:*:*
cpe:2.3:a:emerson:static_test_software_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:g_web_development_software:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:flexlogger:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:systemlink_server:*:*:*:*:*:*:*:*
History

12 Feb 2025, 18:50

Type Values Removed Values Added
CWE CWE-863
First Time Emerson static Test Software Suite
Emerson sts Software Bundle
Emerson systemlink Server
Emerson data Record Ad
Emerson
Emerson g Web Development Software
Emerson specification Compliance Manager
Emerson flexlogger
Emerson labview Nxg
CPE cpe:2.3:a:emerson:flexlogger:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:static_test_software_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:real-time_module:*:*:*
cpe:2.3:a:emerson:g_web_development_software:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:community:*:*:*
cpe:2.3:a:emerson:data_record_ad:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:specification_compliance_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:systemlink_server:*:*:*:*:*:*:*:*
cpe:2.3:a:emerson:labview_nxg:5.1:*:*:*:web_module:*:*:*
cpe:2.3:a:emerson:sts_software_bundle:*:*:*:*:*:*:*:*
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html - () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

20 Feb 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-20 15:15

Updated : 2025-02-12 18:50

NVD link : CVE-2024-1155

Mitre link : CVE-2024-1155

JSON object : View

Products Affected

emerson

  • static_test_software_suite
  • flexlogger
  • sts_software_bundle
  • specification_compliance_manager
  • data_record_ad
  • g_web_development_software
  • systemlink_server
  • labview_nxg
CWE
CWE-863

Incorrect Authorization