Labview issue....,

Saw this on the Talos blog and thought I’d share it…

Basically, a specially crafted VI file can be used to trigger the vulnerability and execute arbitrary code.

NI doesn’t consider that this issue constitutes a vulnerability. Interesting… but wrong… A snippet of code shouldn’t allow you to execute code to break into a system.

There are vulnerabilities in every system, and in every coding environment, LabVIEW being no exception.

1 Like

Yes, but you normally would expect a manufacturer to fix such issues. As instrumentation becomes more and more network aware and accessible it becomes more and more critical. You don’t want this gear to be a jump off point for an attacker in the network.

1 Like

This is NI’s response

http://www.ni.com/product-documentation/54099/en/

You have to set up machine to allow for such in 1st place, so should not affect dms or anyone other than advanced lv programmer…

1 Like