OTPulse
FeedAboutContact

National Instruments IO Trace

Monitor7.8ICS-CERT ICSA-24-205-01Jul 23, 2024
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

National Instruments I/O TRACE contains a buffer overflow vulnerability (CWE-121) in all versions that could allow a local attacker to execute arbitrary code. Exploitation requires local system access and may require user interaction, such as opening a malicious project file. No remote exploitation is possible. National Instruments has provided a fix; refer to their public advisory for patch availability and version details.

What this means
What could happen
A local attacker with physical or logon access to a machine running National Instruments I/O TRACE could execute arbitrary code, potentially compromising measurement and data acquisition systems or automation workflows that depend on I/O TRACE.
Who's at risk
Organizations using National Instruments I/O TRACE for measurement, data acquisition, or test automation, particularly those in power generation, water treatment, or manufacturing facilities. This affects engineering workstations and control system measurement nodes running the affected software.
How it could be exploited
An attacker must have local access to a machine running I/O TRACE (either physical access or valid user credentials). Once local, the attacker can exploit a buffer overflow vulnerability to run arbitrary code with the privileges of the user running I/O TRACE.
Prerequisites
  • Local system access (physical or user account credentials)
  • I/O TRACE application installed and running
  • User interaction may be required (e.g., opening a file or project)
Buffer overflow vulnerability (CWE-121)Requires local system accessUser interaction may be requiredAll versions affected
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
I/O TRACE: vers:all/*All versionsNo fix yet
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict local system access and user account privileges on machines running I/O TRACE to authorized personnel only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXCheck National Instruments advisory for available patch or firmware update and apply to all systems running I/O TRACE
Long-term hardening
0/2
HARDENINGIsolate I/O TRACE systems on a segmented network not directly connected to business network or internet
HARDENINGDisable or restrict remote access to systems running I/O TRACE unless absolutely necessary; if required, use VPN with network segmentation
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/0b58a266-0058-45d4-b109-9f72f05527c6
National Instruments IO Trace | CVSS 7.8 - OTPulse