CVE-2024-1156

HIGH

Emerson Data Record AD < 2.0.1 - Authenticated Privilege Escalation via RabbitMQ Configuration

Title source: llm

Description

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.

References (1)

Core 1

Core References

Exploit, Vendor Advisory

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html

Scores

CVSS v3 7.8

EPSS 0.0035

EPSS Percentile 26.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276 CWE-863

Status published

Products (8)

emerson/data_record_ad < 2.0.1

emerson/flexlogger < 2022_q3

emerson/g_web_development_software < 2022_q3

emerson/labview_nxg 5.1 (3 CPE variants)

emerson/specification_compliance_manager < 2023_q4

emerson/static_test_software_suite < 1.2

emerson/sts_software_bundle < 21.0

emerson/systemlink_server < 2024_q1

Published Feb 20, 2024

Tracked Since Feb 18, 2026