{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4044", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "state": "PUBLISHED", "assignerShortName": "NI", "dateReserved": "2024-04-22T21:05:40.301Z", "datePublished": "2024-05-10T14:59:10.943Z", "dateUpdated": "2024-08-01T20:26:57.269Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "FlexLogger", "vendor": "NI", "versions": [{"lessThanOrEqual": "24.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "InstrumentStudio", "vendor": "NI", "versions": [{"lessThanOrEqual": "24.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "kimiya working with Trend Micro Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.</span><br>"}], "value": "A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.\n"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-05-10T14:59:10.943Z"}, "references": [{"url": "https://ni.com/r/CVE-2024-4044"}], "source": {"discovery": "EXTERNAL"}, "title": "Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "ni", "product": "flexlogger", "cpes": ["cpe:2.3:a:ni:flexlogger:2024:q1:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2024", "status": "affected", "lessThanOrEqual": "24.1", "versionType": "custom"}]}, {"vendor": "ni", "product": "instrumentstudio", "cpes": ["cpe:2.3:a:ni:instrumentstudio:2024:q1:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2024", "status": "affected", "lessThanOrEqual": "24.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-11T17:25:10.120453Z", "id": "CVE-2024-4044", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:40:44.446Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.269Z"}, "title": "CVE Program Container", "references": [{"url": "https://ni.com/r/CVE-2024-4044", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://ni.com/r/CVE-2024-4044", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.269Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4044", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-11T17:25:10.120453Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ni:flexlogger:2024:q1:*:*:*:*:*:*"], "vendor": "ni", "product": "flexlogger", "versions": [{"status": "affected", "version": "2024", "versionType": "custom", "lessThanOrEqual": "24.1"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:ni:instrumentstudio:2024:q1:*:*:*:*:*:*"], "vendor": "ni", "product": "instrumentstudio", "versions": [{"status": "affected", "version": "2024", "versionType": "custom", "lessThanOrEqual": "24.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-11T17:31:48.461Z"}}], "cna": {"title": "Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "kimiya working with Trend Micro Zero Day Initiative"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NI", "product": "FlexLogger", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "24.1"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "NI", "product": "InstrumentStudio", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "24.1"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://ni.com/r/CVE-2024-4044"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-05-10T14:59:10.943Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4044", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:26:57.269Z", "dateReserved": "2024-04-22T21:05:40.301Z", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "datePublished": "2024-05-10T14:59:10.943Z", "assignerShortName": "NI"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger 2024 Q1 and prior versions as well as NI InstrumentStudio 2024 Q1 and prior versions.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de deserializaci\u00f3n de datos no confiables en el c\u00f3digo com\u00fan utilizado por FlexLogger e InstrumentStudio que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. La explotaci\u00f3n exitosa requiere que un atacante consiga que un usuario abra un archivo de proyecto especialmente manipulado. Esta vulnerabilidad afecta a NI FlexLogger 2024 Q1 y versiones anteriores, as\u00ed como a NI InstrumentStudio 2024 Q1 y versiones anteriores."}], "id": "CVE-2024-4044", "lastModified": "2024-05-14T16:11:39.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ni.com", "type": "Secondary"}]}, "published": "2024-05-14T15:42:45.640", "references": [{"source": "security@ni.com", "url": "https://ni.com/r/CVE-2024-4044"}], "sourceIdentifier": "security@ni.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@ni.com", "type": "Secondary"}]}

{}