06Fe5Fd2Bc53027C4A3B7E395Af0B850E7B8A044

Name of the Vulnerable Software and Affected Versions: NI SystemLink Server versions prior to 2024 Q1 NI FlexLogger versions prior to 2023 Q2 Description: An issue with incorrect permissions in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may lead to information disclosure via local access. Recommendations: For NI SystemLink Server versions prior to 2024 Q1, update to a version 2024 Q1 or later. For NI FlexLogger versions prior to 2023 Q2, update to a version 2023 Q2 or later. As a temporary workaround, consider restricting access to the KeyValueDatabase service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LabVIEW versions prior to 2024 Q1 **Description** An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. **Recommendations** For versions prior to 2024 Q1, update to a version newer than 2024 Q1 to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted VIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LabVIEW versions prior to 2024 Q1 **Description** An improper error handling issue may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. **Recommendations** For versions prior to 2024 Q1, update to a version newer than 2024 Q1 to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted VIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LabVIEW versions prior to 2024 Q1 **Description** An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. **Recommendations** For versions prior to 2024 Q1, update to a version newer than 2024 Q1 to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted VIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LabVIEW versions prior to 2024 Q1 **Description** An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. **Recommendations** For versions prior to 2024 Q1, update to a version newer than 2024 Q1 to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted VIs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LabVIEW versions 2024 Q1 and prior **Description** An improper error handling issue in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. **Recommendations** For versions 2024 Q1 and prior, consider disabling the ability to open specially crafted VIs until a patch is available. Restrict access to the VI file parsing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NI FlexLogger versions (affected versions not specified) **Description** The issue is related to incorrect permissions in the installation directories for shared SystemLink Elixir based services. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NI FlexLogger (affected versions not specified) **Description** The issue concerns incorrect directory permissions for the shared NI RabbitMQ service, which may allow a local authenticated user to read RabbitMQ configuration information. This could potentially enable escalation of privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.