Incorrect Permissions for Shared SystemLink Elixir-based Services

Overview

Incorrect permissions on the installation directories of shared SystemLink Elixir-based services may allow an authenticated user with local access to escalate privileges. These vulnerabilities affect SystemLink Server 2023 Q3 and prior versions, as well as other NI products that install one or more of these services. Refer to the Affected Products section for a complete list.

 

These vulnerabilities are identified as CVE-2024-1155 and CVE-2024-1156.


Mitigation Guidance

NI strongly recommends upgrading the affected software to mitigate these vulnerabilities. Refer to the Affected Products section to download the update. If upgrading is not possible, the issue may be mitigated using either of the following methods.

Note: Some affected products do not install every service. 

Using the command line: 

  1. Copy the attached systemlink-restrict-file-access.bat script to a directory on the affected machine.
  2. Run cmd.exe as an Administrator.
  3. Change to the directory containing systemlink-restrict-file-access.bat.
  4. Run the command:

    systemlink-restrict-file-access.bat <directory>

    for each of the following directories, if present:
    • <Program Files>\National Instruments\Shared\Skyline\DocumentManager\elixir
    • <Program Files>\National Instruments\Shared\Skyline\Message\elixir
    • <Program Files>\National Instruments\Shared\Skyline\RabbitMQ\erl-<version>
    • <Program Files>\National Instruments\Shared\Skyline\Security\elixir
    • <Program Files>\National Instruments\Shared\Skyline\ServiceRegistry\elixir
    • <Program Files>\National Instruments\Shared\Skyline\TagHistorian\elixir
    • <ProgramData>\National Instruments\Skyline\RabbitMQ

Using Windows Explorer:

  1. Navigate to <Program Files>\National Instruments\Shared\Skyline\DocumentManager.
  2. Right-click on the folder "elixir" and select Properties.
  3. In the Properties window, go to the Security tab.
  4. Click Advanced.
  5. Click Change Permissions.
  6. Click Disable inheritance.
  7. When prompted, choose Convert inherited permissions into explicit permissions on this object.
  8. In the "Permission entries" list, select all instances of Users and Authenticated Users and click Remove on each.
  9. Click the OK button.
  10. Repeat Steps 2-9 for each of the following folders, if present:
    • <Program Files>\National Instruments\Shared\Skyline\Message\elixir
    • <Program Files>\National Instruments\Shared\Skyline\RabbitMQ\erl-<version>
    • <Program Files>\National Instruments\Shared\Skyline\Security\elixir
    • <Program Files>\National Instruments\Shared\Skyline\ServiceRegistry\elixir
    • <Program Files>\National Instruments\Shared\Skyline\TagHistorian\elixir
    • <ProgramData>\National Instruments\Skyline\RabbitMQ
  11. Reboot the server.
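
To confirm that either procedure took effect, the read-only PowerShell check below reports, for each listed directory that exists, whether inheritance is disabled and whether any Users or Authenticated Users entries remain. It is an added example, not part of NI's advisory and not the attached systemlink-restrict-file-access.bat script. It assumes the default %ProgramFiles% and %ProgramData% locations and a 64-bit PowerShell session; the `Mitigated` field is this example's own shorthand for "the Explorer steps above were completed".

```powershell
# Added example: audit the directories named in this advisory (makes no changes).
# Assumption: NI software is installed under the default %ProgramFiles% / %ProgramData%.
$roots = @(
    "$env:ProgramFiles\National Instruments\Shared\Skyline\DocumentManager\elixir",
    "$env:ProgramFiles\National Instruments\Shared\Skyline\Message\elixir",
    "$env:ProgramFiles\National Instruments\Shared\Skyline\RabbitMQ\erl-*",   # erl-<version>
    "$env:ProgramFiles\National Instruments\Shared\Skyline\Security\elixir",
    "$env:ProgramFiles\National Instruments\Shared\Skyline\ServiceRegistry\elixir",
    "$env:ProgramFiles\National Instruments\Shared\Skyline\TagHistorian\elixir",
    "$env:ProgramData\National Instruments\Skyline\RabbitMQ"
)

# Well-known SIDs, so the check also works on non-English Windows installations.
$watched = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
}

# Directories that are not present are skipped ("if present" in the advisory).
$results = foreach ($dir in (Get-Item -Path $roots -ErrorAction SilentlyContinue)) {
    $acl = Get-Acl -LiteralPath $dir.FullName

    # Enumerate explicit and inherited ACEs with identities resolved to SIDs,
    # then keep only the entries that belong to the two watched groups.
    $hits = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $watched.ContainsKey($_.IdentityReference.Value) }

    [pscustomobject]@{
        Directory           = $dir.FullName
        InheritanceDisabled = $acl.AreAccessRulesProtected
        RemainingEntries    = @($hits | ForEach-Object {
            '{0}: {1} {2}' -f $watched[$_.IdentityReference.Value],
                              $_.AccessControlType, $_.FileSystemRights
        })
        # True only when inheritance is off and no watched-group entry is left.
        Mitigated           = $acl.AreAccessRulesProtected -and -not $hits
    }
}

$results | Format-List
```

A directory that still shows `InheritanceDisabled : False` or a non-empty `RemainingEntries` has not had the steps above applied.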

Affected Products

 

CVSS Score

CVE-2024-1155: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVE-2024-1156: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Further Information

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

Acknowledgements

NI would like to thank 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044 working with Trend Micro Zero Day Initiative for reporting this issue and working with us on coordinated disclosure.

Additional Resources

Product Version: SystemLink Server 2023 Q3 and prior versions
Mitigation: Upgrade to SystemLink Server version 2024 Q1 or later in NI Package Manager or from Software Downloads

Product Versions:
    • FlexLogger 2022 Q3 and prior
    • G Web Development Software (All Editions) 2022 Q3 and prior
    • Static Test Software Suite 1.2 and prior
    • LabVIEW NXG 5.1 Web Module
    • LabVIEW NXG 5.1 Real-Time Module
    • LabVIEW NXG 5.1 Community Edition
    • Data Record AD 2.0.1 and prior
    • STS Software Bundle 21.0 and prior
    • Specification Compliance Manager 2023 Q4 and prior
Mitigation:
    • If SystemLink Server is installed: Upgrade to SystemLink Server version 2024 Q1 or later in NI Package Manager or from Software Downloads
    • If SystemLink Server is not installed: Apply mitigations
