https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html <br/></td> CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"/>https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html <br/></td> CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"/>

Exploit
CVE-2024-6791

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Jul 22, 2024 / Updated: 4mo ago

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

Summary

A directory path traversal vulnerability exists in NI VeriStand when parsing VSMODEL files. The issue stems from inadequate validation of user-supplied paths before their use in file operations. This vulnerability affects VeriStand 2024 Q2 and prior versions. User interaction is required for exploitation, as the target must visit a malicious page or open a malicious file.

Impact

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. The attacker can leverage this vulnerability to execute code in the context of the current user, potentially leading to unauthorized access, data theft, or system compromise. The vulnerability has high impacts on confidentiality, integrity, and availability of the affected system. The CVSS v3 base score is 7.8 (High), with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high severity.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.

Patch

NI has issued an update to correct this vulnerability. Users of VeriStand 2024 Q2 and prior versions should apply the update as soon as possible. More details about the patch can be found at: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html

Mitigation

1. Apply the update provided by NI as soon as possible. 2. Exercise caution when opening .vsmodel files, especially from untrusted sources. 3. Implement the principle of least privilege, ensuring users only have the necessary permissions to perform their tasks. 4. Use network segmentation to limit the potential impact if exploitation occurs. 5. Educate users about the risks of opening files from unknown sources. 6. Monitor for any suspicious activities related to VeriStand usage.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6791

Jul 22, 2024 at 9:15 PM
CVSS

A CVSS base score of 7.8 has been assigned.

Jul 22, 2024 at 9:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-6791. See article

Jul 22, 2024 at 9:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 22, 2024 at 9:21 PM
Trending

This CVE started to trend in security discussions

Jul 23, 2024 at 4:10 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.9%)

Jul 23, 2024 at 9:41 AM
Trending

This CVE stopped trending in security discussions

Jul 25, 2024 at 10:51 PM
Static CVE Timeline Graph

Affected Systems

Ni/veristand
+null more

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-1030/
+null more

Patches

www.ni.com
+null more

Attack Patterns

CAPEC-126: Path Traversal
+null more

Vendor Advisory

ZDI-24-1030: NI VeriStand VSMODEL File Parsing Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. An attacker can leverage this vulnerability to execute code in the context of the current user.

References

ZDI-24-1030: NI VeriStand VSMODEL File Parsing Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. An attacker can leverage this vulnerability to execute code in the context of the current user.
CVE-2024-6791
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.

News

Update Sat Sep 21 14:36:25 UTC 2024
Update Sat Sep 21 14:36:25 UTC 2024
NI VeriStand 2024 Q3 v24.5.0.49436 with Drivers Win x64
It also supports deploying to a range of targets, including PXI/PCI controllers, CompactRIO/Single-Board RIO, and desktop PCs. With a wide range of out-of-the-box functionality that includes configurable data acquisition and logging, test sequencing, and the integration of Simulink models, VeriStand reduces the time needed to test your products. NI is now part of Emerson's new Test & Measurement business grouphas releasedVeriStand 2024 Q3is configuration-based testing software, allowing you to develop, prototype, and test control systems using hardware I/O and your simulation models.
NI VeriStand 2024 Q3 v24.5.0.49436 with Drivers Win x64
NI is now part of Emerson's new Test & Measurement business group has released VeriStand 2024 Q3 is configuration-based testing software, allowing you to develop, prototype, and test control systems using hardware I/O and your simulation models. It also supports deploying to a range of targets, including PXI/PCI controllers, CompactRIO/Single-Board RIO, and desktop PCs. With a wide range of out-of-the-box functionality that includes configurable data acquisition and logging, test sequencing, and the integration of Simulink models, VeriStand reduces the time needed to test your products.
NI VeriStand 2024 Q3 v24.5.0.49436 with Drivers Win x64
It also supports deploying to a range of targets, including PXI/PCI controllers, CompactRIO/Single-Board RIO, and desktop PCs. With a wide range of out-of-the-box functionality that includes configurable data acquisition and logging, test sequencing, and the integration of Simulink models, VeriStand reduces the time needed to test your products. NI is now part of Emerson's new Test & Measurement business group has released VeriStand 2024 Q3 is configuration-based testing software, allowing you to develop, prototype, and test control systems using hardware I/O and your simulation models.
NI VeriStand 2024 Q3 v24.5.0.49436 with Drivers Win x64
NI is now part of Emerson's new Test & Measurement business group has released VeriStand 2024 Q3 is configuration-based testing software, allowing you to develop, prototype, and test control systems using hardware I/O and your simulation models. The HDL Coder Support Package for NI FPGA hardware now includes support for custom reference designs, enabling the integration of Simulink models into existing LabVIEW FPGA projects.
See 17 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI