CVE-2024-23611
📋 TL;DR
An out-of-bounds write vulnerability in LabVIEW allows remote code execution when a user opens a specially crafted VI file. This affects LabVIEW 2024 Q1 and earlier versions, potentially enabling attackers to execute arbitrary code on the victim's system.
💻 Affected Systems
- LabVIEW
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote attacker gains full control of the victim's system through arbitrary code execution, potentially leading to data theft, system compromise, or lateral movement within the network.
Likely Case
Targeted attacks where users are tricked into opening malicious VI files, resulting in system compromise and potential data exfiltration.
If Mitigated
With proper security controls and user awareness, exploitation attempts are blocked or detected before successful compromise.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious VI file. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: LabVIEW 2024 Q2 or later
Restart Required: Yes
Instructions:
1. Download and install LabVIEW 2024 Q2 or later from NI's official website. 2. Restart the system after installation. 3. Verify the update was successful by checking the LabVIEW version.
🔧 Temporary Workarounds
Restrict VI file execution
allConfigure system policies to block execution of VI files from untrusted sources or require administrative approval.
User awareness training
allEducate users to only open VI files from trusted sources and verify file integrity before opening.
🧯 If You Can't Patch
- Implement application whitelisting to only allow execution of known-good LabVIEW applications.
- Use network segmentation to isolate LabVIEW systems from critical network segments.
🔍 How to Verify
Check if Vulnerable:
Check LabVIEW version via Help > About LabVIEW. If version is 2024 Q1 or earlier, the system is vulnerable.Check Version:
On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\National Instruments\LabVIEW\CurrentVersionVerify Fix Applied:
Verify LabVIEW version is 2024 Q2 or later via Help > About LabVIEW.📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from LabVIEW.exe
- Suspicious file operations by LabVIEW processes
- Failed attempts to load VI files
Network Indicators:
- Unexpected outbound connections from LabVIEW systems
- File transfers involving VI files from untrusted sources
SIEM Query:
Process Creation where Image contains 'labview.exe' AND CommandLine contains '.vi'🔗 References
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html
