LabVIEW Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-4079

7.8HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 23 July 2024

What is CVE-2024-4079?

The vulnerability in LabVIEW arises from a missing bounds check that can lead to an out of bounds read, which may potentially expose sensitive information or facilitate arbitrary code execution. For successful exploitation, an attacker must provide a user with a specially crafted Virtual Instrument (VI). This flaw affects LabVIEW 2024 Q1 and all earlier versions, necessitating immediate attention from users to mitigate potential security risks.

Affected Version(s)

LabVIEW 0 <= 24.1

References

https://www.ni.com/en/support/security/available-critical...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2024
Vulnerability Reserved
Apr 23, 2024

Credit

Michael Heinzl working with CISA

Ni

What is CVE-2024-4079?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit