Description
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
References (4)
Core References
Various Sources (x_refsource_confirm): http://www05.abb.com/global/scot/scot203.nsf/veritydisplay/5975a8a86c82eec2c125798e00551522/%24file/SECURITY_BULLETIN_-_ABBVU-PACT-3BSE072617_DataManager_Vulnerability.pdf
Various Sources (x_refsource_confirm): http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
Third Party Advisory (x_refsource_misc): http://zerodayinitiative.com/advisories/ZDI-13-120/
Various Sources (x_refsource_confirm): http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument
Scores
EPSS: 0.0074
EPSS Percentile: 73.1%
Details
CWE: CWE-22
Status: published
Products (6)
abb/datamanager: 1.0.0
abb/datamanager: 6.3.6
ni/labview: < 2012
ni/labwindows: < 2012
ni/measurementstudio: < 2013
ni/teststand: < 2012
Published: Aug 06, 2013
Tracked Since: Feb 18, 2026