CVE-2013-5022 - Vulnerability Details - OpenCVE

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01404.

Key SSVC decision points have not yet been added.

Vendors	Products
Ni	Labview Labwindows Measurementstudio Teststand

Configuration 1 [-]

OR	cpe:2.3:a:ni:labview::::::::
	cpe:2.3:a:ni:labwindows::::::::
	cpe:2.3:a:ni:measurementstudio::::::::
	cpe:2.3:a:ni:teststand::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2013-4864	Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument
http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-08-06T18:00:00

Updated: 2024-08-06T16:59:41.206Z

Reserved: 2013-07-31T00:00:00

Link: CVE-2013-5022

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-08-06T20:55:05.413

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-5022

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-20T00:00:00", "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-17T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5022", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument", "refsource": "CONFIRM", "url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"}, {"name": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument", "refsource": "CONFIRM", "url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"}, {"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument", "refsource": "CONFIRM", "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:59:41.206Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5022", "datePublished": "2013-08-06T18:00:00", "dateReserved": "2013-07-31T00:00:00", "dateUpdated": "2024-08-06T16:59:41.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*", "matchCriteriaId": "3815CFE4-4E5E-44BB-B206-520C39DE3674", "versionEndIncluding": "2012", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:labwindows:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC46A398-C8F3-49B2-BDDE-20DEA80EC941", "versionEndIncluding": "2012", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:measurementstudio:*:*:*:*:*:*:*:*", "matchCriteriaId": "A12E5F42-B2FC-48F4-8D04-5B59A3869461", "versionEndIncluding": "2013", "vulnerable": true}, {"criteria": "cpe:2.3:a:ni:teststand:*:*:*:*:*:*:*:*", "matchCriteriaId": "68051582-D70F-4B32-A9F9-64A5E33CB481", "versionEndIncluding": "2012", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta (path) en el control de 3D Graph ActiveX en el archivo cw3dgrph.ocx en LabWindows/CVI 2012 SP1 y anteriores, LabVIEW 2012 SP1 y anteriores, y otros productos de National Instruments, permiten a los atacantes remotos crear y ejecutar archivos arbitrarios por medio de una ruta (path) de acceso completa en un argumento para el m\u00e9todo ExportStyle, en conjunci\u00f3n con el contenido del archivo en el valor de la propiedad (a) Caption o (b) FormatString."}], "id": "CVE-2013-5022", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-06T20:55:05.413", "references": [{"source": "cve@mitre.org", "url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://digital.ni.com/public.nsf/allkb/782E4F31442D833186257BD3004AEB47?OpenDocument"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://digital.ni.com/public.nsf/websearch/C4619A438F7E78E486257B360050BD7D?OpenDocument"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}