{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23611", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "state": "PUBLISHED", "assignerShortName": "NI", "dateReserved": "2024-01-18T20:48:24.220Z", "datePublished": "2024-03-11T15:14:22.944Z", "dateUpdated": "2024-08-28T19:57:08.855Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "LabVIEW", "vendor": "NI", "versions": [{"lessThanOrEqual": "2024 Q1", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.</p>"}], "value": "An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.\n\n"}], "impacts": [{"capecId": "CAPEC-23", "descriptions": [{"lang": "en", "value": "CAPEC-23 File Content Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-03-11T15:14:22.944Z"}, "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Out of Bounds Write Due to Missing Bounds Check in LabVIEW", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.313Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "ni", "product": "labview", "cpes": ["cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2024 Q1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T19:56:16.752194Z", "id": "CVE-2024-23611", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T19:57:08.855Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.313Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23611", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-28T19:56:16.752194Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"], "vendor": "ni", "product": "labview", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024 Q1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T19:57:03.524Z"}}], "cna": {"title": "Out of Bounds Write Due to Missing Bounds Check in LabVIEW", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-23", "descriptions": [{"lang": "en", "value": "CAPEC-23 File Content Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NI", "product": "LabVIEW", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024 Q1"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-03-11T15:14:22.944Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23611", "state": "PUBLISHED", "dateUpdated": "2024-08-28T19:57:08.855Z", "dateReserved": "2024-01-18T20:48:24.220Z", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "datePublished": "2024-03-11T15:14:22.944Z", "assignerShortName": "NI"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9BBCA76-7B4C-4CC5-A782-489CA4223C04", "versionEndIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2021:-:*:*:-:*:*:*", "matchCriteriaId": "F46539B2-9084-45E3-B9D6-447C9E002C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*", "matchCriteriaId": "BF28259A-30A6-4BB1-B262-A006AB74AFFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*", "matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*", "matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*", "matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*", "matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*", "matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*", "matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*", "matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.\n\n"}, {"lang": "es", "value": "Una escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes en LabVIEW puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. La explotaci\u00f3n exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. Esta vulnerabilidad afecta a LabVIEW 2024 Q1 y versiones anteriores."}], "id": "CVE-2024-23611", "lastModified": "2025-02-27T17:48:34.007", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ni.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-11T16:15:08.557", "references": [{"source": "security@ni.com", "tags": ["Vendor Advisory"], "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html"}], "sourceIdentifier": "security@ni.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@ni.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}