CVE-2013-5021

Summary

CVE	CVE-2013-5021
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-08-06 20:55:00 UTC
Updated	2023-11-07 02:16:00 UTC
Description	Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Abb	Datamanager	1.0.0	All	All	All
Application	Abb	Datamanager	6.3.6	All	All	All
Application	Abb	Datamanager	1.0.0	All	All	All
Application	Abb	Datamanager	6.3.6	All	All	All
Application	Ni	Labview	All	All	All	All
Application	Ni	Labwindows	All	All	All	All
Application	Ni	Measurementstudio	All	All	All	All
Application	Ni	Teststand	All	All	All	All

References

Reference	Source	Link	Tags
What Is the Nature of Software Vulnerability NI-64BG6SWQ-1? - National Instruments	CONFIRM	digital.ni.com
www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798...		www05.abb.com
Zero Day Initiative	MISC	zerodayinitiative.com
Not Found	CONFIRM	www05.abb.com	Vendor Advisory
How Do The NI Q2 2013 Security Updates Affect Me? - National Instruments	CONFIRM	digital.ni.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.