National Instruments Circuit Design Suite

Plan Patch7.8ICS-CERT ICSA-25-140-02May 20, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

National Instruments Circuit Design Suite versions 14.3.0 and earlier contain memory corruption vulnerabilities (buffer overflow and out-of-bounds access) in CWE-787, CWE-125, and CWE-121. Successful exploitation allows an attacker with local access to disclose information or execute arbitrary code on the affected workstation. The vulnerabilities require user interaction and local system access; they are not remotely exploitable.

What this means

What could happen

An attacker with local access to a workstation running Circuit Design Suite could execute arbitrary code or read sensitive design files, potentially exposing proprietary circuit designs or compromising engineering workflows.

Who's at risk

Engineering and design teams who use National Instruments Circuit Design Suite for electrical or electronic circuit development. This affects design workstations and any systems used to develop or validate circuit designs before deployment to manufacturing or control systems.

How it could be exploited

An attacker must first gain local access to a workstation where Circuit Design Suite is installed (e.g., through phishing, USB drive, or compromised account). They then exploit a memory corruption vulnerability (buffer overflow or out-of-bounds access) in the application to run arbitrary commands with the privileges of the logged-in user.

Prerequisites

Local access to the workstation running Circuit Design Suite (version 14.3.0 or earlier)
User interaction required (the application must be running or a file must be opened)
No special credentials or elevated privileges required

Low complexity exploitLocal attack only (not remotely exploitable)User interaction requiredAffects engineering/design systems that may interface with OT networks

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Circuit Design Suite: <=14.3.0≤ 14.3.014.3.1 or later

Remediation & Mitigation

0/3

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate National Instruments Circuit Design Suite to version 14.3.1 or later

Long-term hardening

0/2

HARDENINGRestrict local administrative access on workstations and enforce strong endpoint authentication to limit local attack surface

HARDENINGIsolate engineering workstations from the business network and internet; require VPN for remote access to engineering environments

CVEs (5)

CVE-2025-30417 CVE-2025-30418 CVE-2025-30419 CVE-2025-30420 CVE-2025-30421

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0106374a-6283-44c9-8fc1-f39c36e2663a