CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6121 – NI SystemLink Server Ships Out of Date Redis Version
https://notcve.org/view.php?id=CVE-2024-6121
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. Una versión desactualizada de Redis enviada con NI SystemLink Server es susceptible a múltiples vulnerabilidades, incluida CVE-2022-24834. Esto afecta a NI SystemLink Server 2024 Q1 y versiones anteriores. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/ni-systemlink-server-ships-out-of-date-redis-version.html • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6122 – Incorrect Default Directory Permissions for NI SystemLink Redis Service
https://notcve.org/view.php?id=CVE-2024-6122
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. Un permiso incorrecto en el directorio de instalación para el servicio compartido NI SystemLink Server KeyValueDatabase puede resultar en la divulgación de información a través del acceso local. Esto afecta a NI SystemLink Server 2024 Q1 y versiones anteriores. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-default-directory-permissions-for-ni-systemlink-redis-service.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4044 – Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio
https://notcve.org/view.php?id=CVE-2024-4044
A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions. Existe una vulnerabilidad de deserialización de datos no confiables en el código común utilizado por FlexLogger e InstrumentStudio que puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante consiga que un usuario abra un archivo de proyecto especialmente manipulado. • https://ni.com/r/CVE-2024-4044 • CWE-502: Deserialization of Untrusted Data •