Mike Palafox

Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q1 Description: The issue is related to a DLL hijacking vulnerability due to an uncontrolled search path when loading NI Error Reporting, which may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. Recommendations: For versions prior to 2025 Q1, update to a version that includes the fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting access to the NI Error Reporting module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions prior to 2025 Q1 Description: The issue is related to a DLL hijacking vulnerability due to an uncontrolled search path in NI LabVIEW, which may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path. Recommendations: For versions prior to 2025 Q1, update to a version newer than 2025 Q1 to resolve the issue. As a temporary workaround, consider restricting access to the uncontrolled search path to minimize the risk of exploitation.