Ni Labview vulnerabilities

CVE-2025-2631 [HIGH] CWE-787 CVE-2025-2631: Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformatio Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

CVE-2025-2629 [HIGH] CWE-427 CVE-2025-2629: There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior ve

CVE-2025-2630 [HIGH] CWE-427 CVE-2025-2630: There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

CVE-2025-2632 [HIGH] CWE-787 CVE-2025-2632: Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info fro Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.

CVE-2024-10496 [HIGH] CWE-1285 CVE-2024-10496: An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

CVE-2024-10495 [HIGH] CWE-1285 CVE-2024-10495: An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

CVE-2024-10494 [HIGH] CWE-1285 CVE-2024-10494: An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may discl An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

CVE-2024-4079 [HIGH] CWE-125 CVE-2024-4079: An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2024-4081 [HIGH] CWE-787 CVE-2024-4081: A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions.

CVE-2024-4080 [HIGH] CWE-787 CVE-2024-4080: A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose informa A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2024-6638 [MEDIUM] CWE-190 CVE-2024-6638: An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIE An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2024-23608 [HIGH] CWE-787 CVE-2024-23608: An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2024-23611 [HIGH] CWE-787 CVE-2024-23611: An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2024-23610 [HIGH] CWE-787 CVE-2024-23610: An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2024-23609 [HIGH] CWE-1285 CVE-2024-23609: An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2024-23612 [HIGH] CWE-1285 CVE-2024-23612: An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE-2022-27237 [MEDIUM] CWE-79 CVE-2022-27237: There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with sev There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Stat

CVE-2017-2779 [HIGH] CWE-787 CVE-2017-2779: An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of L An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this

CVE-2017-2775 [HIGH] CWE-119 CVE-2017-2775: An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64- An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to t

CVE-2013-5022 [CRITICAL] CWE-22 CVE-2013-5022: Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National In Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content