Vulnerabilites related to ni - measurementstudio
CVE-2013-5023 (GCVE-0-2013-5023)
Vulnerability from cvelistv5
Published
2013-08-06 18:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument | x_refsource_CONFIRM | |
| http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument | x_refsource_CONFIRM | |
| http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5023",
"datePublished": "2013-08-06T18:00:00",
"dateReserved": "2013-07-31T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5024 (GCVE-0-2013-5024)
Vulnerability from cvelistv5
Published
2013-08-06 18:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls.
References
| ▼ | URL | Tags |
|---|---|---|
| http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument | x_refsource_CONFIRM | |
| http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument | x_refsource_CONFIRM | |
| http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5024",
"datePublished": "2013-08-06T18:00:00",
"dateReserved": "2013-07-31T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5022 (GCVE-0-2013-5022)
Vulnerability from cvelistv5
Published
2013-08-06 18:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument | x_refsource_CONFIRM | |
| http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument | x_refsource_CONFIRM | |
| http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5022",
"datePublished": "2013-08-06T18:00:00",
"dateReserved": "2013-07-31T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5021 (GCVE-0-2013-5021)
Vulnerability from cvelistv5
Published
2013-08-06 18:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf",
"refsource": "CONFIRM",
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-13-120/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
},
{
"name": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5021",
"datePublished": "2013-08-06T18:00:00",
"dateReserved": "2013-07-31T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-08-06 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | diadem | * | |
| ni | labview | * | |
| ni | labwindows | * | |
| ni | measurementstudio | * | |
| ni | teststand | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:diadem:*:*:*:*:*:*:*:*",
"matchCriteriaId": "651A3465-0A7A-4EE2-B46E-D1E6972767A6",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3815CFE4-4E5E-44BB-B206-520C39DE3674",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC46A398-C8F3-49B2-BDDE-20DEA80EC941",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461",
"versionEndIncluding": "2013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68051582-D70F-4B32-A9F9-64A5E33CB481",
"versionEndIncluding": "2012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en un control ActiveX en el componente HelpAsst en NI Help Links in National Instruments LabWindows/CVI, LabVIEW, y otros productos, tiene un impacto desconocido y vectores de ataque remotos."
}
],
"id": "CVE-2013-5023",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-06T20:55:05.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-06 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | measurementstudio | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461",
"versionEndIncluding": "2013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en un control ActiveX en NationalInstruments.Help2.dll en National Instruments NI .NET Class Library Help tiene un impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2013-5024",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-06T20:55:05.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/allkb/548965C170D6AA2586257BD3004B146B?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/D8E97E95D59AC17086257B3600508823?OpenDocument"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-06 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | * | |
| ni | labwindows | * | |
| ni | measurementstudio | * | |
| ni | teststand | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3815CFE4-4E5E-44BB-B206-520C39DE3674",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC46A398-C8F3-49B2-BDDE-20DEA80EC941",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461",
"versionEndIncluding": "2013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68051582-D70F-4B32-A9F9-64A5E33CB481",
"versionEndIncluding": "2012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de ruta (path) en el control de 3D Graph ActiveX en el archivo cw3dgrph.ocx en LabWindows/CVI 2012 SP1 y anteriores, LabVIEW 2012 SP1 y anteriores, y otros productos de National Instruments, permiten a los atacantes remotos crear y ejecutar archivos arbitrarios por medio de una ruta (path) de acceso completa en un argumento para el m\u00e9todo ExportStyle, en conjunci\u00f3n con el contenido del archivo en el valor de la propiedad (a) Caption o (b) FormatString."
}
],
"id": "CVE-2013-5022",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-06T20:55:05.413",
"references": [
{
"source": "cve@mitre.org",
"url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-06 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ni | labview | * | |
| ni | labwindows | * | |
| ni | measurementstudio | * | |
| ni | teststand | * | |
| abb | datamanager | 1.0.0 | |
| abb | datamanager | 6.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3815CFE4-4E5E-44BB-B206-520C39DE3674",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC46A398-C8F3-49B2-BDDE-20DEA80EC941",
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461",
"versionEndIncluding": "2013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68051582-D70F-4B32-A9F9-64A5E33CB481",
"versionEndIncluding": "2012",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A711CA4A-494A-4702-A620-7B09F1FA8495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "899330B9-95DB-4229-9BE9-41384016AC12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de ruta (path) en el archivo cwui.ocx de National Instruments , como se usado en National Instruments LabWindows/CVI 2012 SP1 y anteriores, National Instruments LabVIEW 2012 SP1 y anteriores, el componente de Data Analysis en ABB DataManager versi\u00f3n 1 hasta 6.3.6, y otros productos permiten atacantes remotos crear y ejecutar archivos arbitrarios por medio de un acceso de ruta (path) completo en un argumento del m\u00e9todo ExportStyle en el control de (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide o (5) ActiveX CWKnob, en conjunci\u00f3n con el contenido del archivo en el valor de la propiedad (a) Caption o (b) FormatString."
}
],
"id": "CVE-2013-5021",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-06T20:55:05.287",
"references": [
{
"source": "cve@mitre.org",
"url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201308-0295
Vulnerability from variot
The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. The impact of this issue is currently unknown. We will update this BID as more information becomes available. The following products are affected: Diadem 2012 and prior LabVIEW 2012 and prior LabWindows/CVI 2012 and prior Measurement Studio 2013 and prior TestStand 2012 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "measurementstudio",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "teststand",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "diadem",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "teststand",
"scope": "eq",
"trust": 0.9,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": "eq",
"trust": 0.9,
"vendor": "ni",
"version": "2012"
},
{
"model": "diadem",
"scope": "eq",
"trust": 0.9,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": null,
"trust": 0.8,
"vendor": "national instruments",
"version": null
},
{
"model": "labwindows/cvi",
"scope": null,
"trust": 0.8,
"vendor": "national instruments",
"version": null
},
{
"model": "measurementstudio",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2012"
},
{
"model": "measurement studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows/cvi",
"scope": "eq",
"trust": 0.3,
"vendor": "ni",
"version": "2012"
}
],
"sources": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ni:diadem:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2013",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments",
"sources": [
{
"db": "BID",
"id": "61833"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-5023",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5023",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-068",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. \nAttackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. \nThe impact of this issue is currently unknown. We will update this BID as more information becomes available. \nThe following products are affected:\nDiadem 2012 and prior\nLabVIEW 2012 and prior\nLabWindows/CVI 2012 and prior\nMeasurement Studio 2013 and prior\nTestStand 2012 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "BID",
"id": "61833"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5023",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068",
"trust": 0.6
},
{
"db": "BID",
"id": "61833",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
]
},
"id": "VAR-201308-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2023-12-18T13:25:03.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "How Does NI Security Update 67L8IQQW for NI Help Links Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/5c87a3aa7300868986257b3600501fe6?opendocument"
},
{
"title": "How Do The NI Q2 2013 Security Updates Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/a13ef8e8ae2cfaa886257b750076ec0b?opendocument"
},
{
"title": "NI\u30d8\u30eb\u30d7\u30ea\u30f3\u30af\u7528NI\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c867L8IQQW\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/a48f6c57184ff71d86257b5f0069be56?opendocument"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/5c87a3aa7300868986257b3600501fe6?opendocument"
},
{
"trust": 1.0,
"url": "http://digital.ni.com/public.nsf/allkb/e6bc4f119d49a97a86257bd3004fe019?opendocument"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5023"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5023"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.ni.com/"
}
],
"sources": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61833"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"date": "2013-08-06T20:55:05.453000",
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"date": "2013-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:27:00",
"db": "BID",
"id": "61833"
},
{
"date": "2013-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"date": "2013-09-25T15:06:26.723000",
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"date": "2013-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments LabWindows/CVI and LabVIEW Of products such as NI Vulnerability in help links",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "61833"
}
],
"trust": 0.3
}
}
var-201308-0296
Vulnerability from variot
An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. The impact of this issue is currently unknown. We will update this BID as more information becomes available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0296",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "measurementstudio",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows/cvi",
"scope": null,
"trust": 0.8,
"vendor": "national instruments",
"version": null
},
{
"model": "measurementstudio",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2013"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2013",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5024"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments",
"sources": [
{
"db": "BID",
"id": "61835"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5024",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-5024",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5024",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-069",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted (1) key-open or (2) key-close method calls. \nAttackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. \nThe impact of this issue is currently unknown. We will update this BID as more information becomes available",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"db": "BID",
"id": "61835"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5024",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003662",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-069",
"trust": 0.6
},
{
"db": "BID",
"id": "61835",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "61835"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
]
},
"id": "VAR-201308-0296",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2023-12-18T12:21:38.835000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "How Does NI Security Update 67L8KSQW for NI .NET Class Library Help Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/d8e97e95d59ac17086257b3600508823?opendocument"
},
{
"title": "How Do The NI Q2 2013 Security Updates Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/a13ef8e8ae2cfaa886257b750076ec0b?opendocument"
},
{
"title": "NI .NET\u30af\u30e9\u30b9\u30e9\u30a4\u30d6\u30e9\u30ea\u30d8\u30eb\u30d7\u7528NI\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c867L8KSQW\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/618b869c0b5de8b586257b6c0070da3f?opendocument"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5024"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/d8e97e95d59ac17086257b3600508823?opendocument"
},
{
"trust": 1.0,
"url": "http://digital.ni.com/public.nsf/allkb/548965c170d6aa2586257bd3004b146b?opendocument"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5024"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5024"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.ni.com/"
}
],
"sources": [
{
"db": "BID",
"id": "61835"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "61835"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61835"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"date": "2013-08-06T20:55:05.477000",
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"date": "2013-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:31:00",
"db": "BID",
"id": "61835"
},
{
"date": "2013-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003662"
},
{
"date": "2013-09-25T15:05:58.160000",
"db": "NVD",
"id": "CVE-2013-5024"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-069"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments LabWindows/CVI of NI .NET Vulnerability in class library help",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003662"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "61835"
}
],
"trust": 0.3
}
}
var-201308-0293
Vulnerability from variot
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. (1) CWNumEdit (2) CWGraph (3) CWBoolean (4) CWSlide (5) CWKnob. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within multiple 3rd party CWUI activex controls. CWNumEdit, CWGraph, CWBoolean, CWSlide, and CWKnob all support an ExportStyle() method that allows creation of an arbitrary file with the desired extension and inside an arbitrary location. File content can be controlled by setting a 'Caption' or 'FormatString' property. This vulnerability can be leveraged by an attacker to execute code under the context of the current process. National Instruments is a company dedicated to test measurement, automation and embedded applications. National Instruments' multiple ActiveX control CWUI has security vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, and execute arbitrary code in the application context. National Instruments' multiple ActiveX Controls are prone to a remote code-execution vulnerability caused by an insecure method. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. National Instruments LabWindows/CVI and LabVIEW are products of National Instruments (National Instruments). LabWindows/CVI is a software development platform with ANSI C as the core; LabVIEW is a system design platform. ABB DataManager is a set of data analysis software developed by Swiss ABB company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0293",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "datamanager",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "1.0.0"
},
{
"model": "datamanager",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "6.3.6"
},
{
"model": "labview",
"scope": null,
"trust": 1.4,
"vendor": "national instruments",
"version": null
},
{
"model": "labwindows/cvi",
"scope": null,
"trust": 1.4,
"vendor": "national instruments",
"version": null
},
{
"model": "measurementstudio",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "teststand",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "datamanager",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "1 to 6.3.6"
},
{
"model": "datamanager",
"scope": null,
"trust": 0.7,
"vendor": "abb",
"version": null
},
{
"model": "national instruments",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": "national",
"scope": null,
"trust": 0.6,
"vendor": "national instruments",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "labview",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "labwindows",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "measurementstudio",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "teststand",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "datamanager",
"version": "1.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "datamanager",
"version": "6.3.6"
}
],
"sources": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2013",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5021"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi aka rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "BID",
"id": "60493"
}
],
"trust": 1.0
},
"cve": "CVE-2013-5021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-5021",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-5021",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-07393",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-11806",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-65023",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5021",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2013-5021",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-07393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-11806",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-066",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-65023",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "VULHUB",
"id": "VHN-65023"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. (1) CWNumEdit (2) CWGraph (3) CWBoolean (4) CWSlide (5) CWKnob. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within multiple 3rd party CWUI activex controls. CWNumEdit, CWGraph, CWBoolean, CWSlide, and CWKnob all support an ExportStyle() method that allows creation of an arbitrary file with the desired extension and inside an arbitrary location. File content can be controlled by setting a \u0027Caption\u0027 or \u0027FormatString\u0027 property. This vulnerability can be leveraged by an attacker to execute code under the context of the current process. National Instruments is a company dedicated to test measurement, automation and embedded applications. National Instruments\u0027 multiple ActiveX control CWUI has security vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, and execute arbitrary code in the application context. National Instruments\u0027 multiple ActiveX Controls are prone to a remote code-execution vulnerability caused by an insecure method. \nAn attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. National Instruments LabWindows/CVI and LabVIEW are products of National Instruments (National Instruments). LabWindows/CVI is a software development platform with ANSI C as the core; LabVIEW is a system design platform. ABB DataManager is a set of data analysis software developed by Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "BID",
"id": "60493"
},
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-65023"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5021",
"trust": 4.5
},
{
"db": "ZDI",
"id": "ZDI-13-120",
"trust": 3.8
},
{
"db": "BID",
"id": "60493",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201308-066",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2013-11806",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-07393",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1554",
"trust": 0.7
},
{
"db": "IVD",
"id": "CB8A22E8-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "5E6A8F28-1F1E-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-65023",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "VULHUB",
"id": "VHN-65023"
},
{
"db": "BID",
"id": "60493"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
]
},
"id": "VAR-201308-0293",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "VULHUB",
"id": "VHN-65023"
}
],
"trust": 2.2916666699999997
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
}
]
},
"last_update_date": "2023-12-18T13:14:55.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-PACT-3BSE072617",
"trust": 1.5,
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
},
{
"title": "How Do The NI Q2 2013 Security Updates Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/a13ef8e8ae2cfaa886257b750076ec0b?opendocument"
},
{
"title": "Patch for National Instruments Multiple ActiveX Control CWUI Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34614"
},
{
"title": "National Instruments multiple products cwui.ocx ActiveX control path traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/38110"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65023"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"db": "NVD",
"id": "CVE-2013-5021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://zerodayinitiative.com/advisories/zdi-13-120/"
},
{
"trust": 1.7,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"trust": 1.4,
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
},
{
"trust": 1.1,
"url": "http://digital.ni.com/public.nsf/allkb/04b876608790082c86257bd1000cc950?opendocument"
},
{
"trust": 1.0,
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5021"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5021"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60493/"
},
{
"trust": 0.6,
"url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60493"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "VULHUB",
"id": "VHN-65023"
},
{
"db": "BID",
"id": "60493"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"db": "VULHUB",
"id": "VHN-65023"
},
{
"db": "BID",
"id": "60493"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-08T00:00:00",
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-17T00:00:00",
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-11T00:00:00",
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"date": "2013-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"date": "2013-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"date": "2013-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-65023"
},
{
"date": "2013-06-11T00:00:00",
"db": "BID",
"id": "60493"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"date": "2013-08-06T20:55:05.287000",
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"date": "2013-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-11T00:00:00",
"db": "ZDI",
"id": "ZDI-13-120"
},
{
"date": "2013-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07393"
},
{
"date": "2013-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11806"
},
{
"date": "2013-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-65023"
},
{
"date": "2015-03-19T09:32:00",
"db": "BID",
"id": "60493"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003659"
},
{
"date": "2023-11-07T02:16:25.783000",
"db": "NVD",
"id": "CVE-2013-5021"
},
{
"date": "2013-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments Multiple products cwui.ocx ActiveX Control Path Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11806"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-066"
}
],
"trust": 1.0
}
}
var-201308-0294
Vulnerability from variot
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value. Attackers can exploit this issue to create and execute arbitrary files in the context of the application (typically Internet Explorer) that is using the ActiveX control, which may aid in a remote code execution. The following products are affected: LabVIEW 2012 and prior LabWindows/CVI 2012 and prior Measurement Studio 2013 and prior TestStand 2012 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "teststand",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "measurementstudio",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2013"
},
{
"model": "labview",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "labwindows",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": null,
"trust": 0.8,
"vendor": "national instruments",
"version": null
},
{
"model": "labwindows/cvi",
"scope": null,
"trust": 0.8,
"vendor": "national instruments",
"version": null
},
{
"model": "teststand",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2012"
},
{
"model": "measurementstudio",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2012"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2013",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2012",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5022"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi aka rgod working with Hewlett Packard\u0027s Zero Day Initiative.",
"sources": [
{
"db": "BID",
"id": "61828"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-5022",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5022",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-5022",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-067",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value. \nAttackers can exploit this issue to create and execute arbitrary files in the context of the application (typically Internet Explorer) that is using the ActiveX control, which may aid in a remote code execution. \nThe following products are affected:\nLabVIEW 2012 and prior\nLabWindows/CVI 2012 and prior\nMeasurement Studio 2013 and prior\nTestStand 2012 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"db": "BID",
"id": "61828"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5022",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003660",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-067",
"trust": 0.6
},
{
"db": "BID",
"id": "61828",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "61828"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
]
},
"id": "VAR-201308-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2023-12-18T12:52:06.161000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "How Does NI Security Update 67L8L0QW for cw3dgrph.ocx Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/c4619a438f7e78e486257b360050bd7d?opendocument"
},
{
"title": "How Do The NI Q2 2013 Security Updates Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/a13ef8e8ae2cfaa886257b750076ec0b?opendocument"
},
{
"title": "cw3dgrph.ocx\u7528NI\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c867L8L0QW\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/73fc56053f95119a86257b6c0073cc03?opendocument"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"db": "NVD",
"id": "CVE-2013-5022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/c4619a438f7e78e486257b360050bd7d?opendocument"
},
{
"trust": 1.0,
"url": "http://digital.ni.com/public.nsf/allkb/782e4f31442d833186257bd3004aeb47?opendocument"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5022"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5022"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
}
],
"sources": [
{
"db": "BID",
"id": "61828"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "61828"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61828"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"date": "2013-08-06T20:55:05.413000",
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"date": "2013-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:44:00",
"db": "BID",
"id": "61828"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003660"
},
{
"date": "2013-09-18T03:30:09.033000",
"db": "NVD",
"id": "CVE-2013-5022"
},
{
"date": "2013-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments LabWindows/CVI and LabVIEW Used in products such as cw3dgrph.ocx Vulnerable to absolute path traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003660"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-067"
}
],
"trust": 0.6
}
}