CVERadar

CVE-2024-6793

Medium Severity
Ni
SVRS: 30/100
CVSSv3: 9.8/10
EPSS: 0.02515/1

CVE-2024-6793 affects NI VeriStand, allowing for potential remote code execution. This deserialization of untrusted data vulnerability in the DataLogging Server means an attacker can execute arbitrary code by sending a specially crafted message. The vulnerability impacts NI VeriStand 2024 Q2 and earlier versions. While the CVSS score is a high 9.8, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a lower, but still present, real-world threat level at this time.

The relatively lower SVRS compared to the CVSS score suggests that, while technically severe, active exploitation may be limited or difficult to achieve. However, organizations using affected versions of NI VeriStand should still prioritize patching and monitoring due to the potential for malicious actors to leverage this critical vulnerability. The presence of the "In The Wild" tag suggests some level of awareness or potential for exploitation, even with a lower SVRS. Exploitation could lead to a complete system compromise, data breaches, or disruption of critical operations. Mitigating this risk is essential for maintaining system security and integrity.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-07-22

2024-09-17

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ZDI-24-1029: NI VeriStand DataLoggingServer Deserialization of Untrusted Data Remote Code Execution Vulnerability
2024-07-30
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6793.
CVE-2024-6793 | NI VeriStand up to 24.2 Message deserialization
vuldb.com, 2024-07-23
A vulnerability classified as very critical was found in NI VeriStand up to 24.2. This vulnerability affects unknown code of the component Message Handler. The manipulation leads to deserialization. This vulnerability was named CVE-2024-6793. The attack can be initiated remotely. There is no exploit available.

Social Media

CVE-2024-6793 (CVSS:9.8, CRITICAL) is Awaiting Analysis. A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote c..https://t.co/QuYswZukPB #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
[CVE-2024-6793: CRITICAL] Critical security flaw in NI VeriStand DataLogging Server could allow remote code execution via specially crafted messages. Act now to secure NI VeriStand 2024 Q2 and earlier versions.#cybersecurity,#vulnerability https://t.co/xi7iwCeQxs https://t.co/13TC4O1Muf
CVE-2024-6793 A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires… https://t.co/W0rzugAVtG

Affected Software

Configuration 1
| Type | Vendor | Product |
|---|---|---|
| App | Ni | veristand |

References

| Reference | Link |
|---|---|
| [email protected] | https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html |

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. |
