CVE-2024-6794— Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-6794
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server
Source: NVD (National Vulnerability Database)
Vulnerability Description
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
NI VeriStand 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NI VeriStand是美国国家仪器(NI)公司的一款用于实时测试应用的软件。可以通过模型集成、实时激励生成和可扩展的软件环境,加快产品开发生命周期。 NI VeriStand 2024 Q2版本及之前版本存在安全漏洞。攻击者利用该漏洞可以远程执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2024-6794
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-6794
请登录查看更多情报信息。
Same Patch Batch · NI · 2024-07-22 · 9 CVEs total
| CVE-2024-6793 | 9.8 CRITICAL | Deserialization of Untrusted Data in NI VeriStand DataLogging Server |
| CVE-2024-6806 | 9.8 CRITICAL | Missing Authorization Checks In NI VeriStand Gateway For Project Resources |
| CVE-2024-6791 | 7.8 HIGH | Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files |
| CVE-2024-6121 | 7.8 HIGH | NI SystemLink Server Ships Out of Date Redis Version |
| CVE-2024-6675 | 7.8 HIGH | Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File |
| CVE-2024-6805 | 7.5 HIGH | Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources |
| CVE-2024-6122 | 5.5 MEDIUM | Incorrect Default Directory Permissions for NI SystemLink Redis Service |
| CVE-2024-6638 | 5.5 MEDIUM | Integer Overflow Vulnerability Reading TDMS Files in LabVIEW |
IV. Related Vulnerabilities
Same product: VeriStand
- CVE-2024-6806
Missing Authorization Checks In NI VeriStand Gateway For Pro - CVE-2024-6805
Missing Authorization Checks in NI VeriStand Gateway for Fil - CVE-2024-6793
Deserialization of Untrusted Data in NI VeriStand DataLoggin - CVE-2024-6791
Directory Path Traversal Vulnerability in NI VeriStand with - CVE-2024-6675
Deserialization of Untrusted Data Vulnerability in NI VeriSt
Same vendor: NI
- CVE-2026-32864
Out-of-Bounds Read in mgcore_SH_25_3!aligned_free() - CVE-2026-32863
Out-of-Bounds Read in sentry_transaction_context_set_operati - CVE-2026-32862
Out-of-Bounds Write in ResFileFactory::InitResourceMgr() - CVE-2026-32861
Out-of-Bounds Write Vulnerability in NI LabVIEW when loading - CVE-2026-32860
Out-of-Bounds Write Vulnerability in NI LabVIEW when loading
Same weakness: CWE-502
- CVE-2026-44126
Insecure deserialization - CVE-2026-5127
User Frontend: AI Powered Frontend Posting, User Directory, - CVE-2026-41586
ObjectInputStream.readObject() without ObjectInputFilter in - CVE-2026-34084
PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFac - CVE-2026-7712
MindsDB Pickle pickle.loads deserialization
V. Comments for CVE-2024-6794
No comments yet