Vulnerabilities > CVE-2024-1156 - Incorrect Authorization vulnerability in Emerson products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

emerson

CWE-863

NVD

Published: 2024-02-20

Updated: 2025-02-12

Summary

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.

Vulnerable Configurations

Part	Description	Count
Application	Emerson Emerson Specification Compliance Manager * Emerson STS Software Bundle * Emerson Data Record AD * Emerson Labview NXG 5.1 Emerson Flexlogger * Emerson G WEB Development Software * Emerson Static Test Software Suite * Emerson Systemlink Server *	10

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html