CVE-2024-23609

Improper Error Handling Issue in LabVIEW

CVSS 7.8 HIGHEPSS 0.6%CWE-1285

In short

LabVIEW has a flaw in how it handles errors that can allow an attacker to run malicious code on a victim's computer if they trick the user into opening a specially crafted file. This affects LabVIEW 2024 Q1 and earlier versions.

Technical detail

An improper error handling vulnerability in LabVIEW allows remote code execution when a user opens a malicious VI (LabVIEW file). The attack requires social engineering to deliver the crafted VI to a target. Versions 2024 Q1 and prior are affected.

Summary generated and translated by AI from the official description.

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

NI · LabVIEW

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html