CVE-2013-5021
Last modified
CVE-2013-5021 is a vulnerability of currently unknown severity. Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.. EPSS estimates a 2.07% chance of exploitation in the next 30 days.
Description
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ni | Labview | <= 2012 |
| Ni | Labwindows | <= 2012 |
| Ni | Measurementstudio | <= 2013 |
| Ni | Teststand | <= 2012 |
| Abb | Datamanager | 1.0.0 |
| Abb | Datamanager | 6.3.6 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-5021?
How severe is CVE-2013-5021?
How do I fix CVE-2013-5021?
Are you affected by CVE-2013-5021?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST