Vulnerabilities > NI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-5136 | Incorrect Permission Assignment for Critical Resource vulnerability in NI products An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. | 5.5 |
| 2023-10-18 | CVE-2023-4601 | Out-of-bounds Write vulnerability in NI System Configuration A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. | 9.8 |
| 2023-10-05 | CVE-2023-4570 | Unspecified vulnerability in NI Measurementlink 1.0.0/1.0.1/1.1.0 An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. low complexity ni | 8.8 |
| 2022-12-01 | CVE-2022-42718 | Incorrect Default Permissions vulnerability in NI Labview Command Line Interface Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-09-16 | CVE-2022-35415 | Improper Input Validation vulnerability in NI Configuration Manager An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-04-21 | CVE-2022-27237 | Cross-site Scripting vulnerability in NI products There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. | 6.1 |
| 2021-11-12 | CVE-2021-42563 | Unquoted Search Path or Element vulnerability in NI Service Locator There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. | 7.8 |
| 2021-09-17 | CVE-2021-38304 | Improper Input Validation vulnerability in NI Ni-Pal 20.0.0 Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
| 2020-12-11 | CVE-2020-25191 | Incorrect Permission Assignment for Critical Resource vulnerability in NI Compactrio Firmware Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | 7.5 |
| 2017-09-05 | CVE-2017-2779 | Out-of-bounds Write vulnerability in NI Labview An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. | 7.8 |