CVE-2013-5022 — Path Traversal in Labview

CWE-22 — Path Traversal2 documents2 sources

Severity

10.0CRITICALNVD

EPSS

1.4%

top 19.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NI Labview NI Labwindows NI Measurementstudio +1 more

Timeline

PublishedAug 6

Latest updateMay 17

Description

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDni/labview2012

▶NVDni/labwindows2012

▶NVDni/teststand2012

▶NVDni/measurementstudio2013

Patches

Patch: digital.ni.com ↗Patch: digital.ni.com ↗

🔴Vulnerability Details

GHSA

GHSA-2mcw-74cw-v9cj: Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph↗2022-05-17

▶