An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NNi Diadem
APPNi201420152017201820192020202120222023Ni Flexlogger
APPNi201820192020202120222023Ni Topografix Data Plugin
APPNi2023Ni Veristand
APPNi2013201420152016201720182019202020212023
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2024-6793CRITICAL9.8PL ✓ten sam produkt
RCE przez niebezpieczną deserializację w NI VeriStand DataLogging Server
CVE-2024-6806CRITICAL9.8PL ✓ten sam produkt
Brak weryfikacji autoryzacji w NI VeriStand Gateway — RCE
CVE-2024-6794CRITICAL9.8PL ✓ten sam produkt
RCE przez deserializację danych w NI VeriStand Waveform Streaming Server
CVE-2025-2449HIGH8.8ten sam produkt
NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerabil...
CVE-2024-6791HIGH7.8ten sam produkt
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in...