Vulnerabilities > NI

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-5136 Incorrect Permission Assignment for Critical Resource vulnerability in NI products
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure.
local
low complexity
ni CWE-732
5.5
2023-10-18 CVE-2023-4601 Out-of-bounds Write vulnerability in NI System Configuration
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution.
network
low complexity
ni CWE-787
critical
9.8
2023-10-05 CVE-2023-4570 Unspecified vulnerability in NI Measurementlink 1.0.0/1.0.1/1.1.0
An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost.
low complexity
ni
8.8
2022-12-01 CVE-2022-42718 Incorrect Default Permissions vulnerability in NI Labview Command Line Interface
Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
ni CWE-276
7.8
2022-04-21 CVE-2022-27237 Cross-site Scripting vulnerability in NI products
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products.
network
ni CWE-79
4.3
2021-11-12 CVE-2021-42563 Unquoted Search Path or Element vulnerability in NI Service Locator
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows.
local
low complexity
ni CWE-428
4.6
2021-09-17 CVE-2021-38304 Improper Input Validation vulnerability in NI Ni-Pal 20.0.0
Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
ni CWE-20
4.6
2020-12-11 CVE-2020-25191 Incorrect Permission Assignment for Critical Resource vulnerability in NI Compactrio Firmware
Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.
network
low complexity
ni CWE-732
7.8
2017-09-05 CVE-2017-2779 Out-of-bounds Write vulnerability in NI Labview
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014.
network
ni CWE-787
6.8
2017-03-31 CVE-2017-2775 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NI Labview 16.0.0.49152
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch.
network
ni CWE-119
6.8