National Instruments LabVIEW
Status: Plan Patch
CVSS score: 7.8
Source: ICS-CERT ICSA-24-345-04
Published: Dec 10, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
National Instruments LabVIEW versions 2024 Q3_24.3f0 and earlier, 2023 (all versions), 2022 (all versions), and 2021 and prior contain a buffer overflow vulnerability (CWE-125) that allows local attackers to disclose sensitive information or execute arbitrary code on the system running LabVIEW. Exploitation requires local access to the machine and user interaction, such as opening a malicious file or clicking a link while LabVIEW is running. No remote exploitation is possible. LabVIEW 2021 and prior are end-of-life and will not receive patches.
What this means
What could happen
An attacker with local access to a machine running LabVIEW could read sensitive data from memory or execute arbitrary code with the privileges of the logged-in user, potentially compromising engineering designs, credentials, or control logic stored in the LabVIEW development environment.
Who's at risk
This affects organizations that use National Instruments LabVIEW for control system design, simulation, or deployment—including utilities, manufacturing facilities, and research institutions with engineering workstations. LabVIEW is commonly used to develop and test PLC logic, data acquisition systems, and real-time controllers. Compromise of an engineering workstation could allow an attacker to modify control logic before it is deployed to operational equipment.
How it could be exploited
An attacker must gain local access to a workstation or server running LabVIEW (via phishing, compromised credentials, or physical access). They then exploit a buffer overflow or memory access vulnerability (CWE-125) while a user is actively working in LabVIEW or after the user has interacted with a malicious file through the application.
Prerequisites
- Local access to the machine running LabVIEW
- User interaction required (file opening or application interaction)
- LabVIEW application must be installed and accessible
- Low complexity exploitation
- Requires user interaction
- Affects engineering workstations (critical for system integrity)
- Multiple versions unsupported (no fix available)
- LabVIEW 2021 and prior are end-of-life
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
3 with fix, 1 EOL
Product | Affected Versions | Fix Status
LabVIEW 2024 | <= Q3 24.3f0 | Q3 Patch 2 or later
LabVIEW 2023 | All versions | Q3 Patch 5 or later
LabVIEW 2022 | All versions | Q3 Patch 4 or later
LabVIEW 2021 and below (EOL) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict LabVIEW workstations to authorized personnel only and limit local administrative access
Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
- HOTFIX: Upgrade LabVIEW 2024 to Q3 Patch 2 or later
- HOTFIX: Upgrade LabVIEW 2023 to Q3 Patch 5 or later
- HOTFIX: Upgrade LabVIEW 2022 to Q3 Patch 4 or later
- HOTFIX: Retire or isolate LabVIEW 2021 and prior versions from the network; migrate projects to supported versions
Mitigations - no patch available
LabVIEW 2021 and below has reached end of life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate engineering workstations and LabVIEW development machines from the business network and internet
- HARDENING: Implement endpoint detection and response (EDR) or antivirus on LabVIEW workstations to detect code execution attempts