CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6638 – Integer Overflow Vulnerability Reading TDMS Files in LabVIEW
https://notcve.org/view.php?id=CVE-2024-6638
22 Jul 2024 — An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una vulnerabilidad de desbordamiento de enteros debido a una validación de entrada incorrecta al leer archivos TDMS en LabVIEW puede resultar en un bucle infinito. La explotación exitosa requiere que un atacante prop... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23612 – Improper Error Handling Issue in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23612
11 Mar 2024 — An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una vulnerabilidad de manejo incorrecto de errores en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html • CWE-755: Improper Handling of Exceptional Conditions CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23609 – Improper Error Handling Issue in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23609
11 Mar 2024 — An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una vulnerabilidad de manejo incorrecto de errores en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html • CWE-755: Improper Handling of Exceptional Conditions CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23611 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23611
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una escritura fuera de los límites debido a una verificación de los límites faltantes en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23610 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23610
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una escritura fuera de los límites debido a una verificación de los límites faltantes en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23608 – Out of Bounds Write Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-23608
11 Mar 2024 — An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Una escritura fuera de los límites debido a una verificación de los límites faltantes en LabVIEW puede resultar en la ejecución remota de código. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42718
https://notcve.org/view.php?id=CVE-2022-42718
01 Dec 2022 — Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. Los permisos predeterminados incorrectos en la carpeta de instalación para NI LabVIEW Command Line Interface (CLI) pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.ni.com/en-us/support/documentation/supplemental/22/privilege-escalation-in-ni-labview-cli-.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2022-27237
https://notcve.org/view.php?id=CVE-2022-27237
21 Apr 2022 — There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en un componente de NI Web Server instalado con v... • https://www.ni.com/en-us/support/documentation/supplemental/22/cross-site-scripting-vulnerability--in-ni-web-server-component.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2017-2779
https://notcve.org/view.php?id=CVE-2017-2779
05 Sep 2017 — An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. Existe una vulnerabilidad de corrupción de memoria explotable en la funcionalidad de análisis de... • http://www.ni.com/product-documentation/54099/en • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 1CVE-2017-2775
https://notcve.org/view.php?id=CVE-2017-2775
31 Mar 2017 — An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution. Existe una vulnerabilidad de corrupción de memoria explotable en la funcionalida... • http://www.ni.com/product-documentation/53778/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •