Vulnerability Name: | CVE-2013-5021 (CCN-85120)
Assigned: | 2013-06-11
Published: | 2013-06-11
Updated: | 2013-09-18
Summary: | Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-22
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2013-5021
Source: CONFIRM Type: UNKNOWN http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument
Source: CCN Type: National Instruments Web page National Instruments
Source: CONFIRM Type: UNKNOWN http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
Source: CCN Type: SA53821 ABB DataManager National Instruments Multiple ActiveX Controls Insecure Method Vulnerabilities
Source: CCN Type: BID-60493 National Instruments Multiple ActiveX Controls 'cwui.ocx' Remote Code Execution Vulnerability
Source: CONFIRM Type: Vendor Advisory http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf
Source: MISC Type: UNKNOWN http://zerodayinitiative.com/advisories/ZDI-13-120/
Source: XF Type: UNKNOWN abb-data-manager-activex-code-execution(85120)
Source: CCN Type: ZDI-13-120 ABB DataManager National Instruments Multiple ActiveX Controls cwui.ocx ExportStyle() Method Remote Code Execution Vulnerability
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable