CVE-2024-6793
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on NI VeriStand DataLogging Server by sending specially crafted messages that trigger unsafe deserialization. It affects all organizations using NI VeriStand 2024 Q2 or earlier versions, particularly those with exposed DataLogging Server instances.
💻 Affected Systems
- NI VeriStand DataLogging Server
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the server, potentially leading to data theft, system destruction, or lateral movement within the network.
Likely Case
Remote code execution allowing attackers to install malware, exfiltrate sensitive data, or disrupt industrial control operations.
If Mitigated
Limited impact if proper network segmentation and access controls prevent attackers from reaching vulnerable services.
🎯 Exploit Status
The vulnerability requires sending specially crafted messages but does not require authentication, making exploitation relatively straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: NI VeriStand 2024 Q3 or later
Restart Required: Yes
Instructions:
1. Download and install NI VeriStand 2024 Q3 or later from NI website. 2. Apply the update to all affected systems. 3. Restart the DataLogging Server service. 4. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
allIsolate NI VeriStand DataLogging Server from untrusted networks and restrict access to authorized systems only.
Firewall Rules
allImplement strict firewall rules to limit inbound connections to the DataLogging Server port from trusted IP addresses only.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the vulnerable server from all untrusted networks
- Deploy intrusion detection systems to monitor for exploitation attempts and anomalous network traffic
🔍 How to Verify
Check if Vulnerable:
Check NI VeriStand version in the software interface or via Windows Programs and Features. If version is 2024 Q2 or earlier, the system is vulnerable.Check Version:
In Windows: Check Control Panel > Programs and Features for 'NI VeriStand' versionVerify Fix Applied:
Verify NI VeriStand version is 2024 Q3 or later and confirm the DataLogging Server service is running with the updated version.📡 Detection & Monitoring
Log Indicators:
- Unusual network connections to DataLogging Server port
- Unexpected process creation from DataLogging Server
- Deserialization errors or exceptions in application logs
Network Indicators:
- Malformed or unusually structured messages sent to DataLogging Server port
- Traffic patterns inconsistent with normal VeriStand operations
SIEM Query:
source="*veristand*" AND (event_type="deserialization_error" OR process_name="powershell.exe" OR process_name="cmd.exe")🔗 References
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/deserialization-of-untrusted-data-vulnerabilities-in-ni-veristand.html
