PT-2013-5332 · Abb+1 · Data Manager+2
Andrea Micalizzi
+1
·
Published
2013-06-11
·
Updated
2013-09-18
·
CVE-2013-5021
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
National Instruments LabWindows/CVI versions prior to 2012 SP1
National Instruments LabVIEW versions prior to 2012 SP1
ABB DataManager versions 1 through 6.3.6
Description
The issue allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the
ExportStyle method in various ActiveX controls, including CWNumEdit, CWGraph, CWBoolean, CWSlide, or CWKnob, in conjunction with file content in the Caption or FormatString property value.Recommendations
For National Instruments LabWindows/CVI versions prior to 2012 SP1, update to a version later than 2012 SP1.
For National Instruments LabVIEW versions prior to 2012 SP1, update to a version later than 2012 SP1.
For ABB DataManager versions 1 through 6.3.6, consider disabling the
ExportStyle method in the affected ActiveX controls as a temporary workaround until a patch is available.Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Data Manager
Labview
Labwindows/Cvi