CVE-2013-5021Path Traversal in Labview

CWE-22Path Traversal2 documents2 sources
Severity
9.3CRITICALNVD
EPSS
0.7%
top 27.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
NI LabviewNI LabwindowsNI Measurementstudio+2 more
Timeline
PublishedAug 6
Latest updateMay 17

Description

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

NVDabb/datamanager1.0.0, 6.3.6+1
NVDni/labview2012
NVDni/labwindows2012
NVDni/teststand2012

🔴Vulnerability Details

1
GHSA
GHSA-j5xx-ggqq-g4cw: Multiple absolute path traversal vulnerabilities in National Instruments cwui2022-05-17
CVE-2013-5021 — Path Traversal in NI Labview | cvebase