var-201308-0293
Vulnerability from variot

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. (1) CWNumEdit (2) CWGraph (3) CWBoolean (4) CWSlide (5) CWKnob. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within multiple 3rd party CWUI activex controls. CWNumEdit, CWGraph, CWBoolean, CWSlide, and CWKnob all support an ExportStyle() method that allows creation of an arbitrary file with the desired extension and inside an arbitrary location. File content can be controlled by setting a 'Caption' or 'FormatString' property. This vulnerability can be leveraged by an attacker to execute code under the context of the current process. National Instruments is a company dedicated to test measurement, automation and embedded applications. National Instruments' multiple ActiveX control CWUI has security vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, and execute arbitrary code in the application context. National Instruments' multiple ActiveX Controls are prone to a remote code-execution vulnerability caused by an insecure method. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. National Instruments LabWindows/CVI and LabVIEW are products of National Instruments (National Instruments). LabWindows/CVI is a software development platform with ANSI C as the core; LabVIEW is a system design platform. ABB DataManager is a set of data analysis software developed by Swiss ABB company

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0293",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "datamanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "abb",
        "version": "1.0.0"
      },
      {
        "model": "datamanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "abb",
        "version": "6.3.6"
      },
      {
        "model": "labview",
        "scope": null,
        "trust": 1.4,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": "labwindows/cvi",
        "scope": null,
        "trust": 1.4,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": "measurementstudio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2013"
      },
      {
        "model": "labwindows",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "teststand",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "labview",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ni",
        "version": "2012"
      },
      {
        "model": "datamanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "abb",
        "version": "1 to  6.3.6"
      },
      {
        "model": "datamanager",
        "scope": null,
        "trust": 0.7,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "national instruments",
        "scope": null,
        "trust": 0.6,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "national",
        "scope": null,
        "trust": 0.6,
        "vendor": "national instruments",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "labview",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "labwindows",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "measurementstudio",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "teststand",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "datamanager",
        "version": "1.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "datamanager",
        "version": "6.3.6"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2013",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2012",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:abb:datamanager:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:abb:datamanager:6.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi aka rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "BID",
        "id": "60493"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2013-5021",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-5021",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5021",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-07393",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-11806",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-65023",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5021",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2013-5021",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-07393",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-11806",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-066",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65023",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. (1) CWNumEdit (2) CWGraph (3) CWBoolean (4) CWSlide (5) CWKnob. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within multiple 3rd party CWUI activex controls. CWNumEdit, CWGraph, CWBoolean, CWSlide, and CWKnob all support an ExportStyle() method that allows creation of an arbitrary file with the desired extension and inside an arbitrary location. File content can be controlled by setting a \u0027Caption\u0027 or \u0027FormatString\u0027 property. This vulnerability can be leveraged by an attacker to execute code under the context of the current process. National Instruments is a company dedicated to test measurement, automation and embedded applications. National Instruments\u0027 multiple ActiveX control CWUI has security vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, and execute arbitrary code in the application context. National Instruments\u0027 multiple ActiveX Controls are prone to a remote code-execution vulnerability caused by an insecure method. \nAn attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. National Instruments LabWindows/CVI and LabVIEW are products of National Instruments (National Instruments). LabWindows/CVI is a software development platform with ANSI C as the core; LabVIEW is a system design platform. ABB DataManager is a set of data analysis software developed by Swiss ABB company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      }
    ],
    "trust": 4.05
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5021",
        "trust": 4.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "60493",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1554",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "CB8A22E8-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "5E6A8F28-1F1E-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "id": "VAR-201308-0293",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      }
    ],
    "trust": 2.2916666699999997
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:55.421000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ABBVU-PACT-3BSE072617",
        "trust": 1.5,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
      },
      {
        "title": "How Do The NI Q2 2013 Security Updates Affect Me?",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
      },
      {
        "title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://digital.ni.com/public.nsf/websearchj/a13ef8e8ae2cfaa886257b750076ec0b?opendocument"
      },
      {
        "title": "Patch for National Instruments Multiple ActiveX Control CWUI Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/34614"
      },
      {
        "title": "National Instruments multiple products cwui.ocx ActiveX control path traversal vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/38110"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://zerodayinitiative.com/advisories/zdi-13-120/"
      },
      {
        "trust": 1.7,
        "url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
      },
      {
        "trust": 1.4,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://digital.ni.com/public.nsf/allkb/04b876608790082c86257bd1000cc950?opendocument"
      },
      {
        "trust": 1.0,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5021"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5021"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60493/"
      },
      {
        "trust": 0.6,
        "url": "http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60493"
      },
      {
        "trust": 0.3,
        "url": "http://www.abb.com/"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "db": "BID",
        "id": "60493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-08T00:00:00",
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-06-17T00:00:00",
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-06-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "date": "2013-06-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "date": "2013-08-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "date": "2013-06-11T00:00:00",
        "db": "BID",
        "id": "60493"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "date": "2013-08-06T20:55:05.287000",
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "date": "2013-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-11T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-120"
      },
      {
        "date": "2013-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-07393"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      },
      {
        "date": "2013-09-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65023"
      },
      {
        "date": "2015-03-19T09:32:00",
        "db": "BID",
        "id": "60493"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003659"
      },
      {
        "date": "2023-11-07T02:16:25.783000",
        "db": "NVD",
        "id": "CVE-2013-5021"
      },
      {
        "date": "2013-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "National Instruments Multiple products cwui.ocx ActiveX Control Path Traversal Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11806"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "cb8a22e8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "5e6a8f28-1f1e-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-066"
      }
    ],
    "trust": 1.0
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.