CVE-2024-12740

Summary

Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file.

Affected Software

VendorProductVersion RangeStatus
NIVision Development Module0 <= 24.1affected
NIFlexRIO0 < 25.0affected
NINI-IMAQdx0 <= 23.1affected
NIVision Acquisition Software0 <= 23.1affected
NIVision Builder for Automated Inspection0 <= 23.*affected
NIData Record AD0 <= 2.0affected
NIFRC Game Tools0 <= 25.0affected

Weaknesses

  • CWE-1395: CWE-1395 Dependency on Vulnerable Third-Party Component

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References