cvelistv5 - cve-2013-5021

CVE-2013-5021 (GCVE-0-2013-5021)

Vulnerability from cvelistv5 – Published: 2013-08-06 18:00 – Updated: 2024-08-06 16:59

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www05.abb.com/global/scot/scot203.nsf/veri…	x_refsource_CONFIRM
	http://zerodayinitiative.com/advisories/ZDI-13-120/	x_refsource_MISC
	http://digital.ni.com/public.nsf/allkb/04B8766087…	x_refsource_CONFIRM
	http://digital.ni.com/public.nsf/websearch/507DEC…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:59:41.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-17T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf",
              "refsource": "CONFIRM",
              "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-13-120/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
            },
            {
              "name": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument",
              "refsource": "CONFIRM",
              "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
            },
            {
              "name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
              "refsource": "CONFIRM",
              "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5021",
    "datePublished": "2013-08-06T18:00:00",
    "dateReserved": "2013-07-31T00:00:00",
    "dateUpdated": "2024-08-06T16:59:41.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2012\", \"matchCriteriaId\": \"3815CFE4-4E5E-44BB-B206-520C39DE3674\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2012\", \"matchCriteriaId\": \"EC46A398-C8F3-49B2-BDDE-20DEA80EC941\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2013\", \"matchCriteriaId\": \"A12E5F42-B2FC-48F4-8D04-5B59A3869461\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2012\", \"matchCriteriaId\": \"68051582-D70F-4B32-A9F9-64A5E33CB481\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A711CA4A-494A-4702-A620-7B09F1FA8495\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"899330B9-95DB-4229-9BE9-41384016AC12\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de salto de ruta (path) en el archivo cwui.ocx de National Instruments , como se usado en National Instruments LabWindows/CVI 2012 SP1 y anteriores, National Instruments LabVIEW 2012 SP1 y anteriores, el componente de Data Analysis en ABB DataManager versi\\u00f3n 1 hasta 6.3.6, y otros productos permiten atacantes remotos crear y ejecutar archivos arbitrarios por medio de un acceso de ruta (path) completo en un argumento del m\\u00e9todo ExportStyle en el control de (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide o (5) ActiveX CWKnob, en conjunci\\u00f3n con el contenido del archivo en el valor de la propiedad (a) Caption  o (b) FormatString.\"}]",
      "id": "CVE-2013-5021",
      "lastModified": "2024-11-21T01:56:54.917",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2013-08-06T20:55:05.287",
      "references": "[{\"url\": \"http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://zerodayinitiative.com/advisories/ZDI-13-120/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://zerodayinitiative.com/advisories/ZDI-13-120/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5021\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-08-06T20:55:05.287\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de salto de ruta (path) en el archivo cwui.ocx de National Instruments , como se usado en National Instruments LabWindows/CVI 2012 SP1 y anteriores, National Instruments LabVIEW 2012 SP1 y anteriores, el componente de Data Analysis en ABB DataManager versi\u00f3n 1 hasta 6.3.6, y otros productos permiten atacantes remotos crear y ejecutar archivos arbitrarios por medio de un acceso de ruta (path) completo en un argumento del m\u00e9todo ExportStyle en el control de (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide o (5) ActiveX CWKnob, en conjunci\u00f3n con el contenido del archivo en el valor de la propiedad (a) Caption  o (b) FormatString.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2012\",\"matchCriteriaId\":\"3815CFE4-4E5E-44BB-B206-520C39DE3674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2012\",\"matchCriteriaId\":\"EC46A398-C8F3-49B2-BDDE-20DEA80EC941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2013\",\"matchCriteriaId\":\"A12E5F42-B2FC-48F4-8D04-5B59A3869461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2012\",\"matchCriteriaId\":\"68051582-D70F-4B32-A9F9-64A5E33CB481\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A711CA4A-494A-4702-A620-7B09F1FA8495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"899330B9-95DB-4229-9BE9-41384016AC12\"}]}]}],\"references\":[{\"url\":\"http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-13-120/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-13-120/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2013-5021

Vulnerability from fkie_nvd - Published: 2013-08-06 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument
	cve@mitre.org	http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
	cve@mitre.org	http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf
	cve@mitre.org	http://zerodayinitiative.com/advisories/ZDI-13-120/
	af854a3a-2127-422b-91ae-364da2661108	http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument
	af854a3a-2127-422b-91ae-364da2661108	http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
	af854a3a-2127-422b-91ae-364da2661108	http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf
	af854a3a-2127-422b-91ae-364da2661108	http://zerodayinitiative.com/advisories/ZDI-13-120/

Impacted products

Vendor	Product	Version
ni	labview	*
ni	labwindows	*
ni	measurementstudio	*
ni	teststand	*
abb	datamanager	1.0.0
abb	datamanager	6.3.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3815CFE4-4E5E-44BB-B206-520C39DE3674",
              "versionEndIncluding": "2012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC46A398-C8F3-49B2-BDDE-20DEA80EC941",
              "versionEndIncluding": "2012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461",
              "versionEndIncluding": "2013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68051582-D70F-4B32-A9F9-64A5E33CB481",
              "versionEndIncluding": "2012",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A711CA4A-494A-4702-A620-7B09F1FA8495",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "899330B9-95DB-4229-9BE9-41384016AC12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de ruta (path) en el archivo cwui.ocx de National Instruments , como se usado en National Instruments LabWindows/CVI 2012 SP1 y anteriores, National Instruments LabVIEW 2012 SP1 y anteriores, el componente de Data Analysis en ABB DataManager versi\u00f3n 1 hasta 6.3.6, y otros productos permiten atacantes remotos crear y ejecutar archivos arbitrarios por medio de un acceso de ruta (path) completo en un argumento del m\u00e9todo ExportStyle en el control de (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide o (5) ActiveX CWKnob, en conjunci\u00f3n con el contenido del archivo en el valor de la propiedad (a) Caption  o (b) FormatString."
    }
  ],
  "id": "CVE-2013-5021",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-06T20:55:05.287",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201308-0293

Vulnerability from variot - Updated: 2023-12-18 13:14

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. (1) CWNumEdit (2) CWGraph (3) CWBoolean (4) CWSlide (5) CWKnob. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within multiple 3rd party CWUI activex controls. CWNumEdit, CWGraph, CWBoolean, CWSlide, and CWKnob all support an ExportStyle() method that allows creation of an arbitrary file with the desired extension and inside an arbitrary location. File content can be controlled by setting a 'Caption' or 'FormatString' property. This vulnerability can be leveraged by an attacker to execute code under the context of the current process. National Instruments is a company dedicated to test measurement, automation and embedded applications. National Instruments' multiple ActiveX control CWUI has security vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, and execute arbitrary code in the application context. National Instruments' multiple ActiveX Controls are prone to a remote code-execution vulnerability caused by an insecure method. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. National Instruments LabWindows/CVI and LabVIEW are products of National Instruments (National Instruments). LabWindows/CVI is a software development platform with ANSI C as the core; LabVIEW is a system design platform. ABB DataManager is a set of data analysis software developed by Swiss ABB company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0293",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "datamanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "abb",
        "version": "1.0.0"
      },
      {
        "model": "datamanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "abb",
        "version": "6.3.6"
      },
      {
        "model": "labview",
        "scope": null,
        "trust": 1.4,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": "labwindows/cvi",
        "scope": null,
        "trust": 1.4,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": "measurementstudio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2013"
      },
      {
        "model": "labwindows",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "teststand",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "labview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "datamanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "abb",
        "version": "1 to  6.3.6"
      },
      {
        "model": "datamanager",
        "scope": null,
        "trust": 0.7,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "national instruments",
        "scope": null,
        "trust": 0.6,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "national",
        "scope": null,
        "trust": 0.6,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "labview",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "labwindows",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "measurementstudio",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "teststand",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "datamanager",
        "version": "1.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "datamanager",
        "version": "6.3.6"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2013",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi aka rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "BID",
        "id": "60493"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2013-5021",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-5021",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5021",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-07393",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-11806",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-65023",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5021",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2013-5021",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-07393",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-11806",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-066",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65023",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. (1) CWNumEdit (2) CWGraph (3) CWBoolean (4) CWSlide (5) CWKnob. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within multiple 3rd party CWUI activex controls. CWNumEdit, CWGraph, CWBoolean, CWSlide, and CWKnob all support an ExportStyle() method that allows creation of an arbitrary file with the desired extension and inside an arbitrary location. File content can be controlled by setting a \u0027Caption\u0027 or \u0027FormatString\u0027 property. This vulnerability can be leveraged by an attacker to execute code under the context of the current process. National Instruments is a company dedicated to test measurement, automation and embedded applications. National Instruments\u0027 multiple ActiveX control CWUI has security vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, and execute arbitrary code in the application context. National Instruments\u0027 multiple ActiveX Controls are prone to a remote code-execution vulnerability caused by an insecure method. \nAn attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. National Instruments LabWindows/CVI and LabVIEW are products of National Instruments (National Instruments). LabWindows/CVI is a software development platform with ANSI C as the core; LabVIEW is a system design platform. ABB DataManager is a set of data analysis software developed by Swiss ABB company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      }
    ],
    "trust": 4.05
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5021",
        "trust": 4.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "60493",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1554",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "CB8A22E8-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "5E6A8F28-1F1E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "id": "VAR-201308-0293",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      }
    ],
    "trust": 2.2916666699999997
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:55.421000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ABBVU-PACT-3BSE072617",
        "trust": 1.5,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
      },
      {
        "title": "How Do The NI Q2 2013 Security Updates Affect Me?",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
      },
      {
        "title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearchj/a13ef8e8ae2cfaa886257b750076ec0b?opendocument"
      },
      {
        "title": "Patch for National Instruments Multiple ActiveX Control CWUI Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/34614"
      },
      {
        "title": "National Instruments multiple products cwui.ocx ActiveX control path traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/38110"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://zerodayinitiative.com/advisories/zdi-13-120/"
      },
      {
        "trust": 1.7,
        "url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
      },
      {
        "trust": 1.4,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://digital.ni.com/public.nsf/allkb/04b876608790082c86257bd1000cc950?opendocument"
      },
      {
        "trust": 1.0,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5021"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5021"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60493/"
      },
      {
        "trust": 0.6,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60493"
      },
      {
        "trust": 0.3,
        "url": "http://www.abb.com/"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-08T00:00:00",
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-06-17T00:00:00",
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-06-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "date": "2013-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "date": "2013-08-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "date": "2013-06-11T00:00:00",
        "db": "BID",
        "id": "60493"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "date": "2013-08-06T20:55:05.287000",
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "date": "2013-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "date": "2013-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "date": "2013-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "date": "2015-03-19T09:32:00",
        "db": "BID",
        "id": "60493"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "date": "2023-11-07T02:16:25.783000",
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "date": "2013-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "National Instruments Multiple products cwui.ocx ActiveX Control Path Traversal Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ],
    "trust": 1.0
  }
}

GSD-2013-5021

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-5021

Aliases

CVE-2013-5021

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5021",
    "description": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.",
    "id": "GSD-2013-5021"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5021"
      ],
      "details": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.",
      "id": "GSD-2013-5021",
      "modified": "2023-12-13T01:22:21.554498Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-5021",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf",
            "refsource": "CONFIRM",
            "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
          },
          {
            "name": "http://zerodayinitiative.com/advisories/ZDI-13-120/",
            "refsource": "MISC",
            "url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
          },
          {
            "name": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument",
            "refsource": "CONFIRM",
            "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
          },
          {
            "name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
            "refsource": "CONFIRM",
            "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2013",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5021"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-13-120/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://zerodayinitiative.com/advisories/ZDI-13-120/"
            },
            {
              "name": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
            },
            {
              "name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
            },
            {
              "name": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-09-18T03:30Z",
      "publishedDate": "2013-08-06T20:55Z"
    }
  }
}

GHSA-J5XX-GGQQ-G4CW

Vulnerability from github – Published: 2022-05-17 05:04 – Updated: 2025-04-11 04:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-06T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.",
  "id": "GHSA-j5xx-ggqq-g4cw",
  "modified": "2025-04-11T04:12:40Z",
  "published": "2022-05-17T05:04:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5021"
    },
    {
      "type": "WEB",
      "url": "http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument"
    },
    {
      "type": "WEB",
      "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
    },
    {
      "type": "WEB",
      "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf"
    },
    {
      "type": "WEB",
      "url": "http://zerodayinitiative.com/advisories/ZDI-13-120"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-5021 (GCVE-0-2013-5021)

FKIE_CVE-2013-5021

VAR-201308-0293

GSD-2013-5021

GHSA-J5XX-GGQQ-G4CW

Tags

Sightings

Nomenclature