Search criteria
5 vulnerabilities found for DIAdem by NI
VAR-201308-0295
Vulnerability from variot - Updated: 2025-04-11 23:17The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. The impact of this issue is currently unknown. We will update this BID as more information becomes available. The following products are affected: Diadem 2012 and prior LabVIEW 2012 and prior LabWindows/CVI 2012 and prior Measurement Studio 2013 and prior TestStand 2012 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "measurementstudio",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2013"
},
{
"model": "labview",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "teststand",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "diadem",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "labwindows",
"scope": "lte",
"trust": 1.0,
"vendor": "ni",
"version": "2012"
},
{
"model": "teststand",
"scope": "eq",
"trust": 0.9,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": "eq",
"trust": 0.9,
"vendor": "ni",
"version": "2012"
},
{
"model": "diadem",
"scope": "eq",
"trust": 0.9,
"vendor": "ni",
"version": "2012"
},
{
"model": "labview",
"scope": null,
"trust": 0.8,
"vendor": "national instruments",
"version": null
},
{
"model": "labwindows/cvi",
"scope": null,
"trust": 0.8,
"vendor": "national instruments",
"version": null
},
{
"model": "measurementstudio",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows",
"scope": "eq",
"trust": 0.6,
"vendor": "ni",
"version": "2012"
},
{
"model": "measurement studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ni",
"version": "2013"
},
{
"model": "labwindows/cvi",
"scope": "eq",
"trust": 0.3,
"vendor": "ni",
"version": "2012"
}
],
"sources": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ni:labview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ni:labwindows",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments",
"sources": [
{
"db": "BID",
"id": "61833"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-5023",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5023",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-068",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files. \nAttackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. \nThe impact of this issue is currently unknown. We will update this BID as more information becomes available. \nThe following products are affected:\nDiadem 2012 and prior\nLabVIEW 2012 and prior\nLabWindows/CVI 2012 and prior\nMeasurement Studio 2013 and prior\nTestStand 2012 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5023"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "BID",
"id": "61833"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5023",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068",
"trust": 0.6
},
{
"db": "BID",
"id": "61833",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"id": "VAR-201308-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2025-04-11T23:17:16.201000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "How Does NI Security Update 67L8IQQW for NI Help Links Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"title": "How Do The NI Q2 2013 Security Updates Affect Me?",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
},
{
"title": "NI Q2 2013\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/A13EF8E8AE2CFAA886257B750076EC0B?OpenDocument"
},
{
"title": "NI\u30d8\u30eb\u30d7\u30ea\u30f3\u30af\u7528NI\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c867L8IQQW\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://digital.ni.com/public.nsf/websearchj/A48F6C57184FF71D86257B5F0069BE56?OpenDocument"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument"
},
{
"trust": 1.9,
"url": "http://digital.ni.com/public.nsf/websearch/5c87a3aa7300868986257b3600501fe6?opendocument"
},
{
"trust": 1.0,
"url": "http://digital.ni.com/public.nsf/allkb/e6bc4f119d49a97a86257bd3004fe019?opendocument"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5023"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5023"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.ni.com/"
}
],
"sources": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "61833"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
},
{
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61833"
},
{
"date": "2013-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"date": "2013-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-068"
},
{
"date": "2013-08-06T20:55:05.453000",
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:27:00",
"db": "BID",
"id": "61833"
},
{
"date": "2013-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003661"
},
{
"date": "2013-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-068"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-5023"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-068"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "National Instruments LabWindows/CVI and LabVIEW Of products such as NI Vulnerability in help links",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003661"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "61833"
}
],
"trust": 0.3
}
}
CVE-2023-5136 (GCVE-0-2023-5136)
Vulnerability from nvd – Published: 2023-11-08 15:24 – Updated: 2025-06-11 14:34
VLAI?
Title
Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
Summary
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
Severity ?
5.5 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NI | TopoGrafix DataPlugin for GPX |
Affected:
0 , < 2023 Q4
(custom)
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:20:44.035737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:34:24.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "TopoGrafix DataPlugin for GPX",
"vendor": "NI",
"versions": [
{
"lessThan": "2023 Q4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "DIAdem",
"vendor": "NI",
"versions": [
{
"lessThan": "2023 Q2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "VeriStand",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2023 Q4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FlexLogger",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2023 Q4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:27:28.145Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2023-5136",
"datePublished": "2023-11-08T15:24:10.867Z",
"dateReserved": "2023-09-22T19:29:47.084Z",
"dateUpdated": "2025-06-11T14:34:24.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5023 (GCVE-0-2013-5023)
Vulnerability from nvd – Published: 2013-08-06 18:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5023",
"datePublished": "2013-08-06T18:00:00",
"dateReserved": "2013-07-31T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5136 (GCVE-0-2023-5136)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:24 – Updated: 2025-06-11 14:34
VLAI?
Title
Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
Summary
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
Severity ?
5.5 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NI | TopoGrafix DataPlugin for GPX |
Affected:
0 , < 2023 Q4
(custom)
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:20:44.035737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:34:24.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "TopoGrafix DataPlugin for GPX",
"vendor": "NI",
"versions": [
{
"lessThan": "2023 Q4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "DIAdem",
"vendor": "NI",
"versions": [
{
"lessThan": "2023 Q2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "VeriStand",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2023 Q4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "FlexLogger",
"vendor": "NI",
"versions": [
{
"lessThanOrEqual": "2023 Q4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:27:28.145Z",
"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"shortName": "NI"
},
"references": [
{
"url": "https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
"assignerShortName": "NI",
"cveId": "CVE-2023-5136",
"datePublished": "2023-11-08T15:24:10.867Z",
"dateReserved": "2023-09-22T19:29:47.084Z",
"dateUpdated": "2025-06-11T14:34:24.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5023 (GCVE-0-2013-5023)
Vulnerability from cvelistv5 – Published: 2013-08-06 18:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveX controls in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allow remote attackers to cause a denial of service by triggering the display of local .chm files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/allkb/E6BC4F119D49A97A86257BD3004FE019?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/5C87A3AA7300868986257B3600501FE6?OpenDocument"
},
{
"name": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument",
"refsource": "CONFIRM",
"url": "http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5023",
"datePublished": "2013-08-06T18:00:00",
"dateReserved": "2013-07-31T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}