AVID-2026-R1387

Description

Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software (CVE-2024-12740)

Details

Vision-related software from NI used a third-party image-processing library that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file.

Reason for inclusion in AVID: CVE-2024-12740 describes a vulnerability in NI Vision software caused by a vulnerable third-party image-processing library, enabling arbitrary code execution when a user opens a crafted file. NI Vision components (e.g., Vision Development Module, Vision Acquisition Software) can be used in AI data capture/processing pipelines, making this a software supply-chain issue relevant to general-purpose AI systems. The report provides explicit CVE details, affected artifacts, and CVSS metrics, offering sufficient evidence for AVID curation.

References

Affected or Relevant Artifacts

  • Developer: NI
  • Deployer: NI
  • Artifact Details:
| Type | Name |
|------|------|
| System | Vision Development Module |
| System | FlexRIO |
| System | NI-IMAQdx |
| System | Vision Acquisition Software |
| System | Vision Builder for Automated Inspection |
| System | Data Record AD |
| System | FRC Game Tools |

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Base Score: 7.8
  • Base Severity: 🔴 High
  • Attack Vector: LOCAL
  • Attack Complexity: 🟢 Low
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: 🔴 High
  • Integrity Impact: 🔴 High
  • Availability Impact: 🔴 High

CWE

| ID | Description |
|----|-------------|
| CWE-1395 | CWE-1395 Dependency on Vulnerable Third-Party Component |

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2025-01-27
  • Version: 0.3.3
  • AVID Entry