OTPulse

National Instruments LabVIEW

Monitor | CVSS 7.8 | ICS-CERT ICSA-24-205-03 | Jul 23, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

National Instruments LabVIEW versions 24.1f0 and earlier contain two memory safety vulnerabilities: an out-of-bounds read due to missing bounds checking (CWE-125) and memory corruption issues due to improper length checks (CWE-119). Both vulnerabilities are local in nature and require user interaction, such as opening a malicious LabVIEW project file. Successful exploitation allows a local attacker to disclose sensitive information from process memory and execute arbitrary code with the privileges of the LabVIEW application.

What this means
What could happen
A local attacker with access to a LabVIEW system could read sensitive memory and execute arbitrary code on the engineering workstation, potentially modifying control logic or stealing credentials used to access field devices.
Who's at risk
Engineering teams and control system operators at water utilities, power plants, and manufacturing facilities who use National Instruments LabVIEW for SCADA programming, PLC/RTU development, and process control system design are affected. Risk is highest for organizations where LabVIEW workstations have access to credentials or network connectivity to field devices.
How it could be exploited
An attacker with local access to a LabVIEW engineering workstation could trigger an out-of-bounds read or memory corruption condition through a crafted file or user interaction, allowing them to read process memory (disclosing engineering logic or credentials) or execute arbitrary code with the privileges of the LabVIEW process.
Prerequisites
  • Local access to the LabVIEW system
  • User interaction required (likely opening a malicious file or project)
  • LabVIEW version 24.1f0 or earlier
Local exploitation only (requires workstation access) · User interaction required · High severity (CVSS 7.8) · Affects engineering/development systems with control logic access · Out-of-bounds read and memory corruption · No public exploitation reported
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
LabVIEW: <=24.1f0 | ≤ 24.1f0 | Fix available
Remediation & Mitigation
Do now
HARDENING: Restrict physical and local network access to engineering workstations running LabVIEW to trusted personnel only
WORKAROUND: Educate operators and engineers to avoid opening untrusted project files or attachments on LabVIEW systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update LabVIEW to the fixed version released by National Instruments (consult NI security advisories for specific version number)
Long-term hardening
HARDENING: Isolate LabVIEW development systems from business network and internet connectivity when not required