Available Security Updates for NI Software: 2024

Overview

This page provides information about published security advisories for NI software in 2024. Click the link in the Info Code column to obtain more information or to download the update.

| Name | Type | Description | Info Code |
| --- | --- | --- | --- |
| NI Security Update for CVE-2024-1155 | Software | Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. | CVE-2024-1155 |
| NI Security Update for CVE-2024-1156 | Software | Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. | CVE-2024-1156 |

| Name | Type | Description | Info Code |
| --- | --- | --- | --- |
| NI Security Update for CVE-2024-23608 | Software | An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-23608 |
| NI Security Update for CVE-2024-23609 | Software | An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-23609 |
| NI Security Update for CVE-2024-23610 | Software | An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-23610 |
| NI Security Update for CVE-2024-23611 | Software | An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-23611 |
| NI Security Update for CVE-2024-23612 | Software | An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-23612 |

| Name | Type | Description | Info Code |
| --- | --- | --- | --- |
| NI Security Update for CVE-2024-4044 | Software | A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. | CVE-2024-4044 |

| Name | Type | Description | Info Code |
| --- | --- | --- | --- |
| NI Security Update for CVE-2024-4079 | Software | An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-4079 |
| NI Security Update for CVE-2024-4080 | Software | Memory corruption issues due to improper length checks in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-4080 |
| NI Security Update for CVE-2024-4081 | Software | Memory corruption issues due to improper length checks in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-4081 |
| NI Security Update for CVE-2024-5602 | Software | A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. | CVE-2024-5602 |
| NI Security Update for CVE-2024-6121 | Software | An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities. | CVE-2024-6121 |
| NI Security Update for CVE-2024-6122 | Software | An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. | CVE-2024-6122 |
| NI Security Update for CVE-2024-6638 | Software | An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. | CVE-2024-6638 |
| NI Security Update for CVE-2024-6675 | Software | A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. | CVE-2024-6675 |
| NI Security Update for CVE-2024-6791 | Software | A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. | CVE-2024-6791 |
| NI Security Update for CVE-2024-6793 | Software | A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. | CVE-2024-6793 |
| NI Security Update for CVE-2024-6794 | Software | A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. | CVE-2024-6794 |
| NI Security Update for CVE-2024-6805 | Software | The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure. | CVE-2024-6805 |
| NI Security Update for CVE-2024-6806 | Software | The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. | CVE-2024-6806 |

| Name | Type | Description | Info Code |
| --- | --- | --- | --- |
| NI Security Update for CVE-2024-12742 | Software | A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. | CVE-2024-12742 |
| NI Security Update for CVE-2024-12741 | Software | A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. | CVE-2024-12741 |
| NI Security Update for CVE-2024-10496 | Software | An out of bounds read vulnerability due to improper input validation in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-10496 |
| NI Security Update for CVE-2024-10495 | Software | An out of bounds read vulnerability due to improper input validation in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-10495 |
| NI Security Update for CVE-2024-10494 | Software | An out of bounds read vulnerability due to improper input validation in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. | CVE-2024-10494 |
