Vulnerability Description
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ni | Flexlogger | 2021 |
| Ni | G Web Development Software | 2021 |
| Ni | Labview | 2021 |
| Ni | Static Test Software Suite | < 1.2 |
| Ni | Systemlink | 2020 |
Related Weaknesses (CWE)
References
- https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scriptMitigationPatchVendor Advisory
- https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scriptMitigationPatchVendor Advisory
FAQ
What is CVE-2022-27237?
CVE-2022-27237 is a vulnerability with a CVSS score of 6.1 (MEDIUM). There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemL...
How severe is CVE-2022-27237?
CVE-2022-27237 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27237?
Check the references section above for vendor advisories and patch information. Affected products include: Ni Flexlogger, Ni G Web Development Software, Ni Labview, Ni Static Test Software Suite, Ni Systemlink.