Cisco Talos discovered a vulnerability affecting LabVIEW 2016 version 16.0, a system design and development platform from National Instruments widely used to create applications for data acquisition, instrument control, and industrial automation. Successful exploitation of the vulnerability, CVE-2017-2779, could allow a threat actor to execute code via specially-crafted VI files. The NJCCIC recommends all users and administrators of LabVIEW review the Cisco Talos Vulnerability Spotlight and upgrade to LabVIEW 2017.

AdvisoryNJCCICCisco, LabVIEW