CVE-2023-5136

MEDIUM

TopoGrafix DataPlugin - Info Disclosure

Title source: llm

Description

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.

References (1)

Core 1

Core References

Vendor Advisory

https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html

Scores

CVSS v3 5.5

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611 CWE-732

Status published

Products (23)

ni/diadem 2014

ni/diadem 2015 (2 CPE variants)

ni/diadem 2017 (2 CPE variants)

ni/diadem 2018 (2 CPE variants)

ni/diadem 2019 (2 CPE variants)

ni/diadem 2020 (2 CPE variants)

ni/diadem 2021 (2 CPE variants)

ni/diadem 2022 q2 (2 CPE variants)

ni/diadem 2023 q2

ni/flexlogger 2018 r1 (4 CPE variants)

... and 13 more

Published Nov 08, 2023

Tracked Since Feb 18, 2026