{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5602", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "state": "PUBLISHED", "assignerShortName": "NI", "dateReserved": "2024-06-03T18:30:25.158Z", "datePublished": "2024-07-23T13:15:50.508Z", "dateUpdated": "2025-08-27T20:42:59.211Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IO Trace Tool", "vendor": "NI", "versions": [{"lessThanOrEqual": "24.3", "status": "affected", "version": "0", "versionType": "server"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Heinzl working with CISA"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.</span><br><br><p>The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.\u202f Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.\u202f&nbsp; </p><br>"}], "value": "A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.\n\nThe NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.\u202f Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-07-23T13:15:50.508Z"}, "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5602", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-23T14:06:24.315632Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ni:system_configuration:*:*:*:*:*:*:*:*"], "vendor": "ni", "product": "system_configuration", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "24.3"}], "defaultStatus": "unaffected"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T20:42:59.211Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.360Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.360Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5602", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-23T14:06:24.315632Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ni:system_configuration:*:*:*:*:*:*:*:*"], "vendor": "ni", "product": "system_configuration", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "24.3"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:11:41.501Z"}}], "cna": {"title": "Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Michael Heinzl working with CISA"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NI", "product": "IO Trace Tool", "versions": [{"status": "affected", "version": "0", "versionType": "server", "lessThanOrEqual": "24.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.\n\nThe NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.\u202f Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.</span><br><br><p>The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.\u202f Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.\u202f&nbsp; </p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-07-23T13:15:50.508Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5602", "state": "PUBLISHED", "dateUpdated": "2025-08-27T20:42:59.211Z", "dateReserved": "2024-06-03T18:30:25.158Z", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "datePublished": "2024-07-23T13:15:50.508Z", "assignerShortName": "NI"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.\n\nThe NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.\u202f Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria debido a una verificaci\u00f3n de l\u00edmites faltantes en NI I/O Trace Tool puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario. La explotaci\u00f3n exitosa requiere que un atacante proporcione al usuario un archivo nitrace especialmente manipulado. La herramienta NI I/O Trace se instala como parte de las utilidades de configuraci\u00f3n del sistema NI incluidas con muchos productos de software de NI. Consulte el Aviso de seguridad de NI para identificar la versi\u00f3n de NI IO Trace.exe instalada. La herramienta NI I/O Trace tambi\u00e9n se lanz\u00f3 anteriormente como NI Spy."}], "id": "CVE-2024-5602", "lastModified": "2024-11-21T09:48:00.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ni.com", "type": "Secondary"}]}, "published": "2024-07-23T14:15:15.077", "references": [{"source": "security@ni.com", "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html"}], "sourceIdentifier": "security@ni.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security@ni.com", "type": "Secondary"}]}

{}