CVE-2023-5136

Published: Nov 8, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.

Affected (64)

Products: Ni: Topografix Data Plugin, Diadem, Veristand, Flexlogger

4 products

Topografix Data Plugin

Diadem

Veristand

Flexlogger

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ni Topografix Data Plugin	Version 2023

Configuration B

16 vulnerable

Vulnerable Software	Affected Versions
Ni Diadem	Version 2014
Ni Diadem	Version 2015
Ni Diadem	Version 2015 sp2
Ni Diadem	Version 2017
Ni Diadem	Version 2017 sp1
Ni Diadem	Version 2018
Ni Diadem	Version 2018 sp1
Ni Diadem	Version 2019
Ni Diadem	Version 2019 sp1
Ni Diadem	Version 2020
Ni Diadem	Version 2020 sp1
Ni Diadem	Version 2021
Ni Diadem	Version 2021 sp1
Ni Diadem	Version 2022 q2
Ni Diadem	Version 2022 q4
Ni Diadem	Version 2023 q2

Configuration C

25 vulnerable

Vulnerable Software	Affected Versions
Ni Veristand	Version 2013 sp1
Ni Veristand	Version 2014
Ni Veristand	Version 2015
Ni Veristand	Version 2015 sp1
Ni Veristand	Version 2016
Ni Veristand	Version 2017
Ni Veristand	Version 2018
Ni Veristand	Version 2018 sp1
Ni Veristand	Version 2019
Ni Veristand	Version 2019 r2
Ni Veristand	Version 2019 r3
Ni Veristand	Version 2019 r3f1
Ni Veristand	Version 2020
Ni Veristand	Version 2020 r2
Ni Veristand	Version 2020 r3
Ni Veristand	Version 2020 r4
Ni Veristand	Version 2020 r5
Ni Veristand	Version 2020 r6
Ni Veristand	Version 2021
Ni Veristand	Version 2021 r2
Ni Veristand	Version 2021 r3
Ni Veristand	Version 2023 q1
Ni Veristand	Version 2023 q2
Ni Veristand	Version 2023 q3
Ni Veristand	Version 2023 q4

Configuration D

22 vulnerable

Vulnerable Software	Affected Versions
Ni Flexlogger	Version 2018 r1
Ni Flexlogger	Version 2018 r2
Ni Flexlogger	Version 2018 r3
Ni Flexlogger	Version 2018 r4
Ni Flexlogger	Version 2019 r1
Ni Flexlogger	Version 2019 r2
Ni Flexlogger	Version 2019 r3
Ni Flexlogger	Version 2019 r4
Ni Flexlogger	Version 2020 r1
Ni Flexlogger	Version 2020 r2
Ni Flexlogger	Version 2020 r3
Ni Flexlogger	Version 2020 r4
Ni Flexlogger	Version 2021 r1
Ni Flexlogger	Version 2021 r2
Ni Flexlogger	Version 2021 r3
Ni Flexlogger	Version 2021 r4
Ni Flexlogger	Version 2022 q2
Ni Flexlogger	Version 2022 q4
Ni Flexlogger	Version 2023 q1
Ni Flexlogger	Version 2023 q2
Ni Flexlogger	Version 2023 q3
Ni Flexlogger	Version 2023 q4

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html

Source: security@ni.com

Vendor Advisory

https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.