Primary

Context

NI Circuit Design Suite Memory Corruption Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A stack-based buffer overflow vulnerability has been identified in the DrObjectStorage::XML_Serialize() function within the Symbol Editor of NI Circuit Design Suite. This memory corruption issue could lead to information disclosure or arbitrary code execution. Exploitation requires an attacker to persuade a user to open a specially crafted .sym file. The vulnerability affects NI Circuit Design Suite versions through 14.3.0.

Impact

Exploitation of this vulnerability could result in memory corruption, allowing for arbitrary code execution or information disclosure.

Remediation

Users are advised to upgrade to NI Circuit Design Suite 14.3.1 or later. The update can be obtained through the NI Package Manager or the NI Software Downloads page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NI Circuit Design Suite Memory Corruption Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

NI Circuit Design Suite

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating