What is the severity of CVE-2013-5022?

CVE-2013-5022 is classified as a high severity vulnerability due to its potential for remote code execution.

How do I fix CVE-2013-5022?

The fix for CVE-2013-5022 involves upgrading to a patched version of the affected software, specifically versions later than LabWindows/CVI 2012 SP1, LabVIEW 2012 SP1, and the respective versions of Measurement Studio and TestStand.

What products are affected by CVE-2013-5022?

CVE-2013-5022 affects National Instruments LabVIEW, LabWindows/CVI, Measurement Studio, and TestStand versions up to and including 2012 SP1.

What type of vulnerability is CVE-2013-5022?

CVE-2013-5022 is an absolute path traversal vulnerability that allows attackers to execute arbitrary files.

Can CVE-2013-5022 be exploited remotely?

Yes, CVE-2013-5022 can be exploited remotely by attackers who can manipulate input to the vulnerable ActiveX control.

Vulnerability/
CVE-2013-5022

critical

CWE

6/8/2013

6/8/2024

CVE-2013-5022: Path Traversal

First published: Tue Aug 06 2013(Updated: )

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
National Instruments LabVIEW	<=2012
NI LabVIEW	<=2012
NI MeasurementStudio	<=2013
NI TestStand	<=2012

Remedy

http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-5022?
CVE-2013-5022 is classified as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2013-5022?
The fix for CVE-2013-5022 involves upgrading to a patched version of the affected software, specifically versions later than LabWindows/CVI 2012 SP1, LabVIEW 2012 SP1, and the respective versions of Measurement Studio and TestStand.
What products are affected by CVE-2013-5022?
CVE-2013-5022 affects National Instruments LabVIEW, LabWindows/CVI, Measurement Studio, and TestStand versions up to and including 2012 SP1.
What type of vulnerability is CVE-2013-5022?
CVE-2013-5022 is an absolute path traversal vulnerability that allows attackers to execute arbitrary files.
Can CVE-2013-5022 be exploited remotely?
Yes, CVE-2013-5022 can be exploited remotely by attackers who can manipulate input to the vulnerable ActiveX control.

agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/author
agent/references
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/weakness
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ni
canonical/national instruments labview
version/national instruments labview/2012
canonical/ni labview
version/ni labview/2012
canonical/ni measurementstudio
version/ni measurementstudio/2013
canonical/ni teststand
version/ni teststand/2012

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.