CVE-2024-12742

Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

CVSS 8.4 HIGH | EPSS 5.4% | CWE-502
In short

A flaw in NI G Web Development Software allows attackers to run malicious code on a user's computer if they trick the user into opening a specially crafted project file. This happens because the software unsafely processes data from untrusted files.

Technical detail

This CWE-502 deserialization vulnerability in NI G Web Development Software (v2022 Q3 and earlier) enables arbitrary code execution through malicious project files. Exploitation requires user interaction: the victim must open a crafted file. Because the file's contents are deserialized without proper validation, untrusted data can instantiate arbitrary objects, leading to RCE with the privileges of the affected user.

Summary generated and translated by AI from the official description.
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3 and prior versions.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N
