Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

Overview

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution.  Successful exploitation requires an attacker to get a user to open a specially crafted project file.  This vulnerability affects G Web Development Software 2022 Q3 and prior versions.

 

This vulnerability is identified as CVE-2024-12742.

Mitigation Guidance

NI strongly recommends upgrading the affected software to mitigate this vulnerability. Refer to the Affected Products section for information on upgrading these products.

Affected Products

 

CVSS Score

CVE-2024-12742 – 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Further Information

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

Acknowledgements

NI would like to thank kimiya working with Trend Micro Zero Day Initiative for reporting this issue and working with us on coordinated disclosure. 

Additional Resources

Product Version: G Web Development Software 2022 Q3 and prior
Mitigation: Upgrade to G Web Development 2022 Q3 Patch 2 or later from NI Package Manager or Software Downloads
