National Instruments Circuit Design Suite

Plan Patch7.8ICS-CERT ICSA-25-273-06Sep 30, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

National Instruments Circuit Design Suite versions 14.3.1 and earlier contain memory corruption vulnerabilities (type confusion and out-of-bounds read) that could allow arbitrary code execution on affected systems. Exploitation requires local access and user interaction. No public exploitation has been reported.

What this means

What could happen

An attacker with local access could corrupt memory in Circuit Design Suite, potentially allowing arbitrary code execution and information disclosure on engineering workstations used to design and configure control systems.

Who's at risk

Engineering teams and control system designers who use National Instruments Circuit Design Suite on workstations. This affects utilities, water authorities, manufacturing facilities, and power generation plants that rely on NI tools for PLC programming and control system design. Compromise of an engineering workstation could lead to malicious code injection into control system logic deployed to field devices.

How it could be exploited

An attacker must have local access to the engineering workstation running Circuit Design Suite. The attacker tricks a user into opening a malicious file or interacting with a crafted input (user interaction required), which triggers a memory corruption vulnerability (CWE-843 type confusion, CWE-125 out-of-bounds read). Successful exploitation could allow code execution in the context of the user running the application.

Prerequisites

Local access to the engineering workstation or device where Circuit Design Suite is installed
User interaction required (user must open a file or input that triggers the vulnerability)
Target system running affected version 14.3.1 or earlier

local attack only (not remotely exploitable)requires user interactionmemory corruption can lead to arbitrary code executionaffects engineering workstations with potential downstream impact on deployed systemslow complexity attack

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

Circuit Design Suite: <=v14.3.1≤ v14.3.114.3.2

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict physical and network access to engineering workstations running Circuit Design Suite to authorized personnel only

HARDENINGEducate users to avoid opening files from untrusted sources

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Circuit Design Suite to version 14.3.2 or later from NI Package Manager or Software Downloads

Long-term hardening

0/1

HARDENINGImplement file integrity monitoring and malware scanning on engineering workstations to detect suspicious files before they are opened

CVEs (2)

CVE-2025-6033 CVE-2025-6034

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f6634f93-5851-49de-828d-6d863c0d179c