Saw this on the Talos blog and thought I’d share it…
Basically, a specially crafted VI file can be used to trigger the vulnerability and execute arbitrary code.
NI doesn’t consider that this issue constitutes a vulnerability. Interesting… but wrong… A snippet of code shouldn’t allow you to execute code to break into a system.
Yes, but you normally would expect a manufacturer to fix such issues. As instrumentation becomes more and more network-aware and accessible, it becomes more and more critical. You don’t want this gear to be a jumping-off point for an attacker in the network.