PatchSiren cyber security CVE debrief

CVE-2024-4079 National Instruments CVE debrief

National Instruments LabVIEW contains an out-of-bounds read vulnerability that could allow a local attacker to execute arbitrary code on affected installations. The vulnerability requires user interaction—the target must open a malicious VI (Virtual Instrument) file. This affects LabVIEW versions 24.1f0 and earlier. The vulnerability was disclosed on July 23, 2024, with a CVSS 3.1 score of 7.8 (HIGH severity). National Instruments has released security updates to address this issue.

Vendor: National Instruments
Product: LabVIEW
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-07-23
Original CVE updated: 2024-07-23
Advisory published: 2024-07-23
Advisory updated: 2024-07-23

Who should care

Organizations using National Instruments LabVIEW in industrial automation, test and measurement, or control system environments. Security teams responsible for OT/ICS asset protection and software supply chain security.

Technical summary

CVE-2024-4079 is an out-of-bounds read vulnerability in National Instruments LabVIEW versions 24.1f0 and earlier. The flaw stems from a missing bounds check when processing VI files. A local attacker can exploit this by convincing a user to open a crafted malicious VI file, resulting in arbitrary code execution with the privileges of the LabVIEW process. The vulnerability has a CVSS 3.1 score of 7.8 (HIGH severity) with attack vector LOCAL, attack complexity LOW, privileges required NONE, and user interaction REQUIRED. Confidentiality, Integrity, and Availability impacts are all HIGH. National Instruments has released security updates to remediate this vulnerability.

Defensive priority

HIGH

Recommended defensive actions

  • Apply the security update provided by National Instruments for LabVIEW. Refer to the vendor's security advisories for patch availability and installation guidance.
  • Implement application whitelisting to prevent execution of untrusted VI files.
  • Train users to avoid opening VI files from untrusted sources.
  • Consider network segmentation for systems running LabVIEW in industrial control environments.

Evidence notes

Vulnerability disclosed via CISA ICS advisory ICSA-24-205-03. Out-of-bounds read due to missing bounds check. Attack vector is local, requires user interaction to open malicious VI file. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
