SoylentNews is people

posted by Fnord666 on Thursday August 31 2017, @11:54AM
from the don't-touch-that-VI-(file) dept.

Submitted via IRC for TheMightyBuzzard

Cory Duplantis of Cisco Talos unearthed a LabVIEW code execution flaw which can be triggered by the victim opening a specially crafted VI file.

LabVIEW, the widely used system design and development platform developed by National Instruments, sports a memory corruption vulnerability that could lead to code execution.

LabVIEW is commonly used for building data acquisition, instrument control, and industrial automation systems on a variety of operating systems: Windows, macOS, Linux and Unix.

The vulnerability was discovered by Cory Duplantis of Cisco Talos earlier this year, and reported to the company.

It can be triggered by the victim opening a specially crafted VI file – a proprietary file format that's comparable to the EXE file format.

"Although there is no published specification for the [VI] file format, inspecting the files shows that they contain a section named 'RSRC', presumably containing resource information," Cisco noted.

"Modulating the values within this section of a VI file can cause a controlled looping condition resulting in an arbitrary null write. This vulnerability can be used by an attacker to create a specially crafted VI file that when opened results in the execution of code supplied by the attacker. The consequences of a successful compromise of a system that interacts with the physical world, such as a data acquisition and control systems, may be critical to safety."

More details about the flaw can be found in this report. It affects the latest stable LabVIEW version (LabVIEW 2016 version 16.0), but it's possible that earlier iterations are also vulnerable.

Additional Information:
http://blog.talosintelligence.com/2017/08/vulnerability-spotlight-code-execution.html
CVE-2017-2779

Source: https://www.helpnetsecurity.com/2017/08/30/labview-code-execution-flaw/


  • (Score: 2) by Immerman on Thursday August 31 2017, @12:32PM (4 children)

    by Immerman (3985) on Thursday August 31 2017, @12:32PM (#562087)

    Imagine, running untrusted software on your computer may compromise the integrity of that computer. Shocking!

    The VI file is the program you're already giving direct control of your physical world components - if you already trust it to do that, it seems rather silly to worry about it getting out of its sandbox in the PC.

  • (Score: 5, Informative) by LoRdTAW on Thursday August 31 2017, @03:24PM (3 children)

    by LoRdTAW (3755) on Thursday August 31 2017, @03:24PM (#562151) Journal

    LabView is a graphical, high level, managed language and runtime. This is no different than running malicious python or c#.

    I took a free class in LabView to see whether or not I was interested in the platform and it's a big nope. Nice hardware but the licensing and proprietary nonsense. I see National Instruments as one of those companies that throw their hardware and software at universities for next to nothing to get students hooked on using their products in order to grow a market (same with Multisim). Thing is, after school no student can afford the stupid cost of a license unless they're wealthy.

    Want an alternative? A German automation company built an open source hard real time test and automation platform around EtherCAT, Linux, and other open source tools like Scilab called EtherLab:
    https://www.etherlab.org/
    There is also Machinekit, a fork of LinuxCNC (formerly Linux EMC), which aims to be a complete hard real time automation platform for not only motion but also custom RT code and PLC/PAC functionality:
    http://www.machinekit.io/
    And Machinekit is also using parts of EtherLab too, specifically their EtherCAT stack.

    • (Score: 2) by Wootery on Thursday August 31 2017, @04:40PM (2 children)

      by Wootery (2341) on Thursday August 31 2017, @04:40PM (#562175)

      Nice hardware

      Eh? Isn't LabVIEW a software product?

      • (Score: 1, Informative) by Anonymous Coward on Thursday August 31 2017, @06:59PM

        by Anonymous Coward on Thursday August 31 2017, @06:59PM (#562251)

        The developers of LabVIEW, National Instruments, make a lot of high priced data acquisition hardware that interfaces with LabVIEW.

      • (Score: 2) by LoRdTAW on Thursday August 31 2017, @08:14PM

        by LoRdTAW (3755) on Thursday August 31 2017, @08:14PM (#562288) Journal

        It runs on most of their hardware which looks like a modular PLC rack. You have I/O modules for pretty much everything under the sun.