CVE-2024-23612

Improper Error Handling Issue in LabVIEW

CVSS 7.8 HIGHEPSS 0.6%CWE-1285

In short

LabVIEW has a flaw in how it handles errors that could allow an attacker to run malicious code on your computer if you open a specially crafted file. This is serious because it bypasses normal security checks.

Technical detail

An improper error handling mechanism in LabVIEW allows remote code execution when a user opens a malicious VI (Virtual Instrument) file. The vulnerability exists in versions 2024 Q1 and earlier; exploitation requires user interaction to load the crafted VI, but once triggered, results in arbitrary code execution with user privileges.

Summary generated and translated by AI from the official description.

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

NI · LabVIEW

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html