CVE-2013-5021: Path Traversal
First published: Tue Aug 06 2013(Updated: )
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| National Instruments LabVIEW | <=2012 | |
| NI LabVIEW | <=2012 | |
| NI MeasurementStudio | <=2013 | |
| NI TestStand | <=2012 | |
| ABB DataManager | =1.0.0 | |
| ABB DataManager | =6.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument
- http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
- http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf
- http://zerodayinitiative.com/advisories/ZDI-13-120/
- http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf
Frequently Asked Questions
What is the severity of CVE-2013-5021?
CVE-2013-5021 has a medium severity rating due to its potential for exploiting absolute path traversal vulnerabilities.
How do I fix CVE-2013-5021?
To mitigate CVE-2013-5021, ensure that you update National Instruments software and ABB DataManager to the latest patched versions.
Which products are affected by CVE-2013-5021?
CVE-2013-5021 affects National Instruments LabVIEW, LabWindows, Measurement Studio, TestStand, and ABB DataManager versions 1.0.0 to 6.3.6.
What type of vulnerability is CVE-2013-5021?
CVE-2013-5021 is classified as an absolute path traversal vulnerability which could allow remote attackers to access restricted files.
Can CVE-2013-5021 be exploited remotely?
Yes, CVE-2013-5021 could potentially be exploited remotely if the vulnerable software is accessible over a network.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ni
- canonical/national instruments labview
- version/national instruments labview/2012
- canonical/ni labview
- version/ni labview/2012
- canonical/ni measurementstudio
- version/ni measurementstudio/2013
- canonical/ni teststand
- version/ni teststand/2012
- vendor/abb
- canonical/abb datamanager
- version/abb datamanager/1.0.0
- version/abb datamanager/6.3.6