CVE-2013-5021

EPSS 0.74%
Published 06.08.2013 20:55:05
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Ni ≫ Labview Version <= 2012

Ni ≫ Labwindows Version <= 2012

Ni ≫ Measurementstudio Version <= 2013

Ni ≫ Teststand Version <= 2012

Abb ≫ Datamanager Version1.0.0

Abb ≫ Datamanager Version6.3.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.74%	0.719

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument

http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument

http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf

http://zerodayinitiative.com/advisories/ZDI-13-120/

https://nvd.nist.gov/vuln/detail/CVE-2013-5021

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-5021

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-5021

EUVD