Vulnerabilities > CVE-2024-1155 - Incorrect Authorization vulnerability in Emerson products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

emerson

CWE-863

NVD

Published: 2024-02-20

Updated: 2025-02-12

Summary

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.

Vulnerable Configurations

Part	Description	Count
Application	Emerson Emerson Specification Compliance Manager * Emerson STS Software Bundle * Emerson Data Record AD * Emerson Labview NXG 5.1 Emerson Static Test Software Suite * Emerson G WEB Development Software * Emerson Flexlogger * Emerson Systemlink Server *	10

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html