National Instruments Circuit Design Suite

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-140-02 | May 20, 2025
National Instruments
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

National Instruments Circuit Design Suite versions 14.3.0 and earlier contain buffer overflow and out-of-bounds access vulnerabilities (CWE-787, CWE-125, CWE-121) that could allow local code execution or information disclosure if a user opens a malicious circuit design file or project.

What this means
What could happen
An attacker with local access to a workstation running Circuit Design Suite could execute arbitrary code or read sensitive data from the design files or system memory, potentially compromising intellectual property or enabling further attacks on connected systems.
Who's at risk
Engineering teams and design departments that use National Instruments Circuit Design Suite for circuit and system design, particularly those supporting power systems, industrial automation, or process control projects. Organizations with design workstations connected to or in proximity to operational technology networks should prioritize this update.
How it could be exploited
An attacker must have local access to a workstation running a vulnerable version of Circuit Design Suite. If the workstation is connected to your OT network or engineering LAN, the attacker could gain code execution and pivot to reach control system design data or connected industrial devices.
Prerequisites
  • Local access to a workstation running National Instruments Circuit Design Suite version 14.3.0 or earlier
  • User interaction required (e.g., opening a malicious circuit design file)
  • Workstation must have the vulnerable software installed
Local exploitation required | User interaction needed | High CVSS score (7.8) | Code execution possible | Data disclosure possible
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Circuit Design Suite | ≤ 14.3.0 | 14.3.1+
Remediation & Mitigation
Do now
WORKAROUND: Implement administrative controls to prevent users from opening untrusted or unknown circuit design files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update National Instruments Circuit Design Suite to version 14.3.1 or later on all engineering workstations
Long-term hardening
HARDENING: Restrict network access to workstations running design software; do not connect them directly to the production OT network
HARDENING: Segment design workstations from production control system networks using a firewall or air gap
API: /api/v1/advisories/0106374a-6283-44c9-8fc1-f39c36e2663a
