CVE-2024-10495

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to read memory beyond intended boundaries when LabVIEW loads specially crafted font tables, potentially leading to information disclosure or arbitrary code execution. It affects users who open malicious VI files in NI LabVIEW 2024 Q3 and earlier versions. Successful exploitation requires social engineering to trick users into opening attacker-controlled files.

💻 Affected Systems

Products:
  • NI LabVIEW
Versions: 2024 Q3 and all prior versions
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All LabVIEW installations running affected versions are vulnerable when opening VI files. The vulnerability is in the fontmgr.cpp component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the LabVIEW user, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Information disclosure from memory contents, potentially exposing sensitive data or system information that could aid further attacks.

🟢 If Mitigated

Limited impact due to user awareness training preventing malicious file execution, with LabVIEW running in sandboxed or restricted environments.

🌐 Internet-Facing: LOW - Requires user interaction with malicious files, not directly exploitable over network interfaces.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires creating a specially crafted VI file and convincing a user to open it. No public exploits are currently known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LabVIEW 2024 Q3 with security update or later versions

Vendor Advisory: https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html

Restart Required: Yes

Instructions:

1. Download the latest LabVIEW update from the NI website.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.
4. Verify the update was applied successfully.

🔧 Temporary Workarounds

Restrict VI file execution

all

Configure application control policies to prevent execution of untrusted VI files

User awareness training

all

Train users to only open VI files from trusted sources and verify file integrity

🧯 If You Can't Patch

  • Implement strict application whitelisting to prevent execution of LabVIEW from untrusted locations
  • Use network segmentation to isolate LabVIEW systems from critical infrastructure

🔍 How to Verify

Check if Vulnerable:

Check LabVIEW version via Help > About LabVIEW. If version is 2024 Q3 or earlier, the system is vulnerable.

Check Version:

In LabVIEW: Help > About LabVIEW, or on Windows: reg query "HKLM\SOFTWARE\National Instruments\LabVIEW\xx.x" /v Version (replace xx.x with version number)

Verify Fix Applied:

Verify LabVIEW version is updated to 2024 Q3 with security patch or later. Check NI security advisory for specific patch versions.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected LabVIEW crashes when loading VI files
  • Multiple failed attempts to load corrupted VI files
  • Unusual process behavior from labview.exe

Network Indicators:

  • Downloads of VI files from untrusted sources
  • Unusual file transfers to LabVIEW systems

SIEM Query:

Process:labview.exe AND (EventID:1000 OR EventID:1001) AND Keywords:"Application Error"
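
The query and log indicators above, worked as an added example (not part of the original page or any NI tooling). It assumes events exported as records with hypothetical field names host, time, event_id and message; the sample records, the 30-minute window and the threshold of 2 are constructed for illustration. It narrows the match to exception code 0xc0000005 (access violation), which is what an invalid memory read raises on Windows.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, abbreviated Application-log records (hosts, times, versions made up).
SAMPLE_EVENTS = [
    {"host": "lab-ws-01", "time": "2024-11-05T09:14:02", "event_id": 1000,
     "message": "Faulting application name: LabVIEW.exe, version: 0.0.0.0\n"
                "Exception code: 0xc0000005"},
    {"host": "lab-ws-01", "time": "2024-11-05T09:16:40", "event_id": 1000,
     "message": "Faulting application name: LabVIEW.exe, version: 0.0.0.0\n"
                "Exception code: 0xc0000005"},
    {"host": "lab-ws-02", "time": "2024-11-05T10:02:11", "event_id": 1000,
     "message": "Faulting application name: notepad.exe, version: 0.0.0.0\n"
                "Exception code: 0xc0000409"},
    {"host": "lab-ws-03", "time": "2024-11-05T11:30:00", "event_id": 1001,
     "message": "Fault bucket , type 0\nEvent Name: APPCRASH\nP1: LabVIEW.exe"},
]

EXC_RE = re.compile(r"Exception code:\s*(0x[0-9a-fA-F]+)")
ACCESS_VIOLATION = "0xc0000005"  # raised by an invalid memory read on Windows

def labview_crashes(events):
    """Apply the page's query: Event ID 1000/1001 that mentions labview.exe."""
    hits = []
    for ev in events:
        if ev["event_id"] in (1000, 1001) and "labview.exe" in ev["message"].lower():
            m = EXC_RE.search(ev["message"])
            hits.append({"host": ev["host"], "code": m.group(1).lower() if m else None,
                         "time": datetime.fromisoformat(ev["time"])})
    return hits

def repeated_access_violations(events, threshold=2, window=timedelta(minutes=30)):
    """Hosts with >= threshold labview.exe access violations inside one window."""
    by_host = defaultdict(list)
    for hit in labview_crashes(events):
        if hit["code"] == ACCESS_VIOLATION:
            by_host[hit["host"]].append(hit["time"])
    flagged = {}
    for host, times in by_host.items():
        times.sort()
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= window)
            if n >= threshold:
                flagged[host] = max(flagged.get(host, 0), n)
    return flagged

if __name__ == "__main__":
    print(repeated_access_violations(SAMPLE_EVENTS))
```

A single crash is weak evidence on its own; correlating flagged hosts with recently received VI files gives the alert more context.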
