CVE-2024-6791

Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files

CVSS 7.8 HIGHEPSS 0.5%CWE-22

In short

NI VeriStand has a flaw that lets attackers run malicious code on your computer if you open a specially crafted .vsmodel file. This happens because the program doesn't properly check file paths, allowing an attacker to access unauthorized locations on your system.

Technical detail

A path traversal vulnerability (CWE-22) in NI VeriStand's vsmodel file loader allows an attacker to execute arbitrary code through a crafted .vsmodel file. The attack vector is user interaction (opening the malicious file); successful exploitation requires social engineering to trick a user into opening the file, with impact including remote code execution on the affected system running VeriStand 2024 Q2 or earlier.

Summary generated and translated by AI from the official description.

A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

NI · VeriStand

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/directory-path-traversal-vulnerability-in-ni-veristand-with-vsmodel-files.html