CVE-2024-12741

CVSS 3.1 Score 7.8 of 10 (high)

Attack Complexity low

Confidentiality high

Integrity high

Availability high

Scope unchanged

Privileges Required none

Details

Published Dec 18, 2024

CWE ID 502

Summary

CVE-2024-12741 is a deserialization vulnerability affecting NI DAQExpress, where untrusted data can be exploited to execute remote code. An attacker must first get a user to open a maliciously crafted project file. DAQExpress versions 5.1 and older are susceptible to this issue. Notably, DAQExpress is an end-of-life product and will receive no further updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1skqyL
https://www.cve.org/CVERecord?id=CVE-2024-12741
https://nvd.nist.gov/vuln/detail/CVE-2024-12741

Back to Vulnerability Database

CVE-2024-12741

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations