ID

VAR-201308-0293


CVE

CVE-2013-5021


TITLE

National Instruments Multiple products cwui.ocx ActiveX Control Path Traversal Vulnerability

Trust: 0.8

sources: IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11806

DESCRIPTION

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. (1) CWNumEdit (2) CWGraph (3) CWBoolean (4) CWSlide (5) CWKnob. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within multiple 3rd party CWUI activex controls. CWNumEdit, CWGraph, CWBoolean, CWSlide, and CWKnob all support an ExportStyle() method that allows creation of an arbitrary file with the desired extension and inside an arbitrary location. File content can be controlled by setting a 'Caption' or 'FormatString' property. This vulnerability can be leveraged by an attacker to execute code under the context of the current process. National Instruments is a company dedicated to test measurement, automation and embedded applications. National Instruments' multiple ActiveX control CWUI has security vulnerabilities that allow an attacker to build malicious web pages, entice users to parse, and execute arbitrary code in the application context. National Instruments' multiple ActiveX Controls are prone to a remote code-execution vulnerability caused by an insecure method. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. National Instruments LabWindows/CVI and LabVIEW are products of National Instruments (National Instruments). LabWindows/CVI is a software development platform with ANSI C as the core; LabVIEW is a system design platform. ABB DataManager is a set of data analysis software developed by Swiss ABB company

Trust: 4.05

sources: NVD: CVE-2013-5021 // JVNDB: JVNDB-2013-003659 // ZDI: ZDI-13-120 // CNVD: CNVD-2013-07393 // CNVD: CNVD-2013-11806 // BID: 60493 // IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d // IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d // VULHUB: VHN-65023

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d // IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07393 // CNVD: CNVD-2013-11806

AFFECTED PRODUCTS

vendor:abbmodel:datamanagerscope:eqversion:1.0.0

Trust: 1.6

vendor:abbmodel:datamanagerscope:eqversion:6.3.6

Trust: 1.6

vendor:national instrumentsmodel:labviewscope: - version: -

Trust: 1.4

vendor:national instrumentsmodel:labwindows/cviscope: - version: -

Trust: 1.4

vendor:nimodel:teststandscope:lteversion:2012

Trust: 1.0

vendor:nimodel:labwindowsscope:lteversion:2012

Trust: 1.0

vendor:nimodel:labviewscope:lteversion:2012

Trust: 1.0

vendor:nimodel:measurementstudioscope:lteversion:2013

Trust: 1.0

vendor:abbmodel:datamanagerscope:eqversion:1 to 6.3.6

Trust: 0.8

vendor:abbmodel:datamanagerscope: - version: -

Trust: 0.7

vendor:abbmodel:national instrumentsscope: - version: -

Trust: 0.6

vendor:national instrumentsmodel:nationalscope: - version: -

Trust: 0.6

vendor:labviewmodel: - scope:eqversion:*

Trust: 0.4

vendor:labwindowsmodel: - scope:eqversion:*

Trust: 0.4

vendor:measurementstudiomodel: - scope:eqversion:*

Trust: 0.4

vendor:teststandmodel: - scope:eqversion:*

Trust: 0.4

vendor:datamanagermodel: - scope:eqversion:1.0.0

Trust: 0.4

vendor:datamanagermodel: - scope:eqversion:6.3.6

Trust: 0.4

sources: IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d // IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d // ZDI: ZDI-13-120 // CNVD: CNVD-2013-07393 // CNVD: CNVD-2013-11806 // JVNDB: JVNDB-2013-003659 // CNNVD: CNNVD-201308-066 // NVD: CVE-2013-5021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5021
value: HIGH

Trust: 1.0

NVD: CVE-2013-5021
value: HIGH

Trust: 0.8

ZDI: CVE-2013-5021
value: HIGH

Trust: 0.7

CNVD: CNVD-2013-07393
value: HIGH

Trust: 0.6

CNVD: CNVD-2013-11806
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201308-066
value: CRITICAL

Trust: 0.6

IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-65023
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5021
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2013-5021
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2013-07393
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2013-11806
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-65023
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d // IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d // ZDI: ZDI-13-120 // CNVD: CNVD-2013-07393 // CNVD: CNVD-2013-11806 // VULHUB: VHN-65023 // JVNDB: JVNDB-2013-003659 // CNNVD: CNNVD-201308-066 // NVD: CVE-2013-5021

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-65023 // JVNDB: JVNDB-2013-003659 // NVD: CVE-2013-5021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-066

TYPE

Path traversal

Trust: 1.0

sources: IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d // IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201308-066

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003659

PATCH

title:ABBVU-PACT-3BSE072617url:http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf

Trust: 1.5

title:How Do The NI Q2 2013 Security Updates Affect Me?url:http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument

Trust: 0.8

title:NI Q2 2013セキュリティアップデートについてurl:http://digital.ni.com/public.nsf/websearchj/A13EF8E8AE2CFAA886257B750076EC0B?OpenDocument

Trust: 0.8

title:Patch for National Instruments Multiple ActiveX Control CWUI Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/34614

Trust: 0.6

title:National Instruments multiple products cwui.ocx ActiveX control path traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/38110

Trust: 0.6

sources: ZDI: ZDI-13-120 // CNVD: CNVD-2013-07393 // CNVD: CNVD-2013-11806 // JVNDB: JVNDB-2013-003659

EXTERNAL IDS

db:NVDid:CVE-2013-5021

Trust: 4.5

db:ZDIid:ZDI-13-120

Trust: 3.8

db:BIDid:60493

Trust: 1.6

db:CNNVDid:CNNVD-201308-066

Trust: 1.1

db:CNVDid:CNVD-2013-11806

Trust: 0.8

db:CNVDid:CNVD-2013-07393

Trust: 0.8

db:JVNDBid:JVNDB-2013-003659

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-1554

Trust: 0.7

db:IVDid:CB8A22E8-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:5E6A8F28-1F1E-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-65023

Trust: 0.1

sources: IVD: cb8a22e8-2352-11e6-abef-000c29c66e3d // IVD: 5e6a8f28-1f1e-11e6-abef-000c29c66e3d // ZDI: ZDI-13-120 // CNVD: CNVD-2013-07393 // CNVD: CNVD-2013-11806 // VULHUB: VHN-65023 // BID: 60493 // JVNDB: JVNDB-2013-003659 // CNNVD: CNNVD-201308-066 // NVD: CVE-2013-5021

REFERENCES

url:http://zerodayinitiative.com/advisories/zdi-13-120/

Trust: 3.1

url:http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument

Trust: 1.7

url:http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/$file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf

Trust: 1.4

url:http://digital.ni.com/public.nsf/allkb/04b876608790082c86257bd1000cc950?opendocument

Trust: 1.1

url:http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/security_bulletin_-_abbvu-pact-3bse072617_datamanager_vulnerability.pdf

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5021

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5021

Trust: 0.8

url:http://www.securityfocus.com/bid/60493/

Trust: 0.6

url:http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/

Trust: 0.6

url:http://www.securityfocus.com/bid/60493

Trust: 0.6

url:http://www.abb.com/

Trust: 0.3

url:http://support.microsoft.com/kb/240797

Trust: 0.3

sources: ZDI: ZDI-13-120 // CNVD: CNVD-2013-07393 // CNVD: CNVD-2013-11806 // VULHUB: VHN-65023 // BID: 60493 // JVNDB: JVNDB-2013-003659 // CNNVD: CNNVD-201308-066 // NVD: CVE-2013-5021

CREDITS

Andrea Micalizzi aka rgod

Trust: 1.0

sources: ZDI: ZDI-13-120 // BID: 60493

SOURCES

db:IVDid:cb8a22e8-2352-11e6-abef-000c29c66e3d
db:IVDid:5e6a8f28-1f1e-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-13-120
db:CNVDid:CNVD-2013-07393
db:CNVDid:CNVD-2013-11806
db:VULHUBid:VHN-65023
db:BIDid:60493
db:JVNDBid:JVNDB-2013-003659
db:CNNVDid:CNNVD-201308-066
db:NVDid:CVE-2013-5021

LAST UPDATE DATE

2024-08-14T15:35:12.725000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-13-120date:2013-06-11T00:00:00
db:CNVDid:CNVD-2013-07393date:2013-06-19T00:00:00
db:CNVDid:CNVD-2013-11806date:2013-08-08T00:00:00
db:VULHUBid:VHN-65023date:2013-09-18T00:00:00
db:BIDid:60493date:2015-03-19T09:32:00
db:JVNDBid:JVNDB-2013-003659date:2013-08-08T00:00:00
db:CNNVDid:CNNVD-201308-066date:2013-09-26T00:00:00
db:NVDid:CVE-2013-5021date:2023-11-07T02:16:25.783

SOURCES RELEASE DATE

db:IVDid:cb8a22e8-2352-11e6-abef-000c29c66e3ddate:2013-08-08T00:00:00
db:IVDid:5e6a8f28-1f1e-11e6-abef-000c29c66e3ddate:2013-06-17T00:00:00
db:ZDIid:ZDI-13-120date:2013-06-11T00:00:00
db:CNVDid:CNVD-2013-07393date:2013-06-17T00:00:00
db:CNVDid:CNVD-2013-11806date:2013-08-08T00:00:00
db:VULHUBid:VHN-65023date:2013-08-06T00:00:00
db:BIDid:60493date:2013-06-11T00:00:00
db:JVNDBid:JVNDB-2013-003659date:2013-08-08T00:00:00
db:CNNVDid:CNNVD-201308-066date:2013-08-23T00:00:00
db:NVDid:CVE-2013-5021date:2013-08-06T20:55:05.287