Filtered by vendor Ni
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4079 | 1 Ni | 1 Labview | 2024-11-21 | 7.8 High |
| An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | ||||
| CVE-2024-23612 | 1 Ni | 1 Labview | 2024-11-21 | 7.8 High |
| An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | ||||
| CVE-2024-23609 | 1 Ni | 1 Labview | 2024-11-21 | 7.8 High |
| An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. | ||||
| CVE-2023-5136 | 1 Ni | 4 Diadem, Flexlogger, Topografix Data Plugin and 1 more | 2024-11-21 | 5.5 Medium |
| An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. | ||||
| CVE-2023-4601 | 2 Microsoft, Ni | 2 Windows, System Configuration | 2024-11-21 | 8.1 High |
| A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions. | ||||
| CVE-2023-4570 | 1 Ni | 1 Measurementlink | 2024-11-21 | 8.8 High |
| An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. | ||||
| CVE-2022-42718 | 1 Ni | 1 Labview Command Line Interface | 2024-11-21 | 7.8 High |
| Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-35415 | 1 Ni | 1 Configuration Manager | 2024-11-21 | 7.8 High |
| An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27237 | 1 Ni | 5 Flexlogger, G Web Development Software, Labview and 2 more | 2024-11-21 | 6.1 Medium |
| There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the product(s) in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install G Web Development 2022 R1 or later, or install Static Test Software Suite version 1.2 or later. | ||||
| CVE-2021-42563 | 2 Microsoft, Ni | 2 Windows, Ni Service Locator | 2024-11-21 | 7.8 High |
| There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | ||||
| CVE-2021-38304 | 1 Ni | 1 Ni-pal | 2024-11-21 | 7.8 High |
| Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-25191 | 1 Ni | 2 Compactrio, Compactrio Firmware | 2024-11-21 | 7.5 High |
| Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | ||||
| CVE-2017-2779 | 1 Ni | 1 Labview | 2024-11-21 | N/A |
| An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. | ||||
| CVE-2017-2775 | 1 Ni | 1 Labview | 2024-11-21 | N/A |
| An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution. | ||||