2023-11-08 17:00:23 +00:00
{
"id" : "CVE-2023-5136" ,
"sourceIdentifier" : "security@ni.com" ,
"published" : "2023-11-08T16:15:11.067" ,
2023-11-15 19:00:22 +00:00
"lastModified" : "2023-11-15T18:42:41.643" ,
"vulnStatus" : "Analyzed" ,
2023-11-08 17:00:23 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.\n"
2023-11-15 19:00:22 +00:00
} ,
{
"lang" : "es" ,
"value" : "Una asignaci\u00f3n de permiso incorrecta en TopoGrafix DataPlugin para GPX podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad haciendo que un usuario abra un archivo de datos especialmente manipulado."
2023-11-08 17:00:23 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-11-15 19:00:22 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 3.6
} ,
2023-11-08 17:00:23 +00:00
{
"source" : "security@ni.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
2023-11-15 19:00:22 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-732"
}
]
} ,
2023-11-08 17:00:23 +00:00
{
"source" : "security@ni.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-732"
}
]
}
] ,
2023-11-15 19:00:22 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:topografix_data_plugin:2023:-:*:*:*:gpx:*:*" ,
"matchCriteriaId" : "15732407-23EA-4542-96A2-5C878FB8481F"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2014:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1D2B3E07-5832-4ABE-B7F8-EDFFC91940E5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2015:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "B3D7F82A-8406-4B50-A9BA-CCB34A974F87"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2015:sp2:*:*:*:*:*:*" ,
"matchCriteriaId" : "5CA88F99-AE0F-4B98-B86A-4B5289520DA0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2017:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "7A59840A-5F72-4FB9-8B67-A91439E7DA1E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2017:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "2DBC89AC-5BA4-432B-96D8-57A5E9B6A338"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2018:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "C853AE58-D3C8-4627-A0D8-542382650932"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2018:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "87C3A752-E66D-4F4C-B6FB-F572EAF092B0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2019:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "3F41FF00-1098-43B3-822A-8AC92B991F20"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2019:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "3525F92B-30ED-4798-BF89-14D8EFCD7CC3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2020:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "7D3458A8-E460-4297-A69F-C4DDE1D232F3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2020:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "49A24A9A-8601-49DA-8E7D-798D2E399273"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2021:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "4101C29B-BB75-47B6-9D2D-BC5491969EEB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2021:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "10D8EBAC-D4CF-4841-AE65-5F8A1121788C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2022:q2:*:*:*:*:*:*" ,
"matchCriteriaId" : "7C10702F-B2C2-46FF-88FF-2A314B502ED4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2022:q4:*:*:*:*:*:*" ,
"matchCriteriaId" : "8C05E9A6-7B7D-4928-A60E-24942D4D51F5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:diadem:2023:q2:*:*:*:*:*:*" ,
"matchCriteriaId" : "9044BC02-8801-4DBD-8529-49DB7F0D3452"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2013:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "F499514A-19DE-469D-9EF6-F7EC1E6810BC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2014:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D68D0C2C-C42D-4B8C-A3D6-93A136E5DD21"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2015:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "29FA2254-FF6C-4FCA-8363-B36E4C38C6BC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2015:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "18577799-88E6-44C1-9477-3261EA98ED4F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2016:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CA705301-337E-4162-8810-BF20B23CB9E5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2017:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B5F1303A-A8D9-4E60-BB96-3B00AAAAD8A2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2018:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "4FAF54A5-268E-4A76-9C31-F3E2FE465464"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2018:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "E98B7755-005F-4036-AF81-002F113DBCD6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2019:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "55743F60-FA68-494E-87B9-8E22787EEF4C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2019:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "2CA4257E-5E97-46D6-BE97-205F6FC18CA3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2019:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "541008B0-5703-4937-9304-C09645454085"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2019:r3f1:*:*:*:*:*:*" ,
"matchCriteriaId" : "5970C421-B8B1-459F-85DB-E74A0B31EDCB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2020:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "55ADD725-44EE-4F28-B9A3-923094352C4C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2020:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "58D19502-B3F2-4D43-A4D2-CF6CD2E41E48"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2020:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "AAF6DE83-A202-4A90-8B05-735D686FDB8E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2020:r4:*:*:*:*:*:*" ,
"matchCriteriaId" : "C90473FA-81CB-4984-8B4C-2EE907ED9DC0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2020:r5:*:*:*:*:*:*" ,
"matchCriteriaId" : "B09E4798-97D8-41B7-9E3C-A5D45F8C8CB5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2020:r6:*:*:*:*:*:*" ,
"matchCriteriaId" : "03D1BFD1-E75E-4816-9D3B-380DACB50EFC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2021:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "C0BC96D8-AB88-47BF-B956-818BF9C8E91E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2021:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "CD0B65DD-E62E-4D7F-90C4-EE8EACE23F8B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2021:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "006E30B2-90DC-475D-835B-030A5801332F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2023:q1:*:*:*:*:*:*" ,
"matchCriteriaId" : "326C3FE1-6CE7-4FD4-9E8A-C14E1A0BE743"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2023:q2:*:*:*:*:*:*" ,
"matchCriteriaId" : "406FE5DA-02BE-4981-8F0E-C77840C5CB5F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2023:q3:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B89A08C-C66E-400A-A224-DF6ED111D565"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:veristand:2023:q4:*:*:*:*:*:*" ,
"matchCriteriaId" : "2A151AB1-BD09-4DF0-B7DD-4D8E1E7E026C"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2018:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "9C2C31C3-9D4C-4FEE-8457-31E9F66CD043"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2018:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "F16894B6-5151-41DE-A1AC-7FB3C23DC05F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2018:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "4BE623D6-DE16-40ED-82CF-3CCD975B5C92"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2018:r4:*:*:*:*:*:*" ,
"matchCriteriaId" : "0375EAF9-35F8-43AB-A26D-79B1C74E6055"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2019:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "1E8E8A79-BCBA-42D0-A4D5-4134327FDB07"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2019:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "91A2082B-47F5-4DFD-A9CE-115DB223B4A0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2019:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "758C8631-05F4-415B-861A-FF47896756BB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2019:r4:*:*:*:*:*:*" ,
"matchCriteriaId" : "CA0E5A70-2CE4-485F-97BC-CEF8FC2C6C62"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2020:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "852AC7E1-DE18-4EAD-9079-7E3DF5EAD9A2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2020:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "055A3E53-09AC-4CD4-8724-21E3F591550E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2020:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "BEE4C627-4298-469E-91BA-08C711F7EE14"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2020:r4:*:*:*:*:*:*" ,
"matchCriteriaId" : "A7BB6592-DBC5-4D4C-96AD-CDE24E1F576A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2021:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "008505B6-6295-46CE-A923-27958172F026"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2021:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "CE96AE31-D36F-446A-96A5-46C762818A96"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2021:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "336F1E07-92EE-4BF5-AA14-981BFB67965C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2021:r4:*:*:*:*:*:*" ,
"matchCriteriaId" : "7D3A4BF7-5BF0-4EE5-BF7C-8C514D6238B5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2022:q2:*:*:*:*:*:*" ,
"matchCriteriaId" : "0213180D-04BD-4979-88BE-B21F385469CF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2022:q4:*:*:*:*:*:*" ,
"matchCriteriaId" : "A336AAE6-FA87-4900-AECD-12997D064A64"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2023:q1:*:*:*:*:*:*" ,
"matchCriteriaId" : "CBFBD9F4-9FFF-44B2-8E95-2DEAC4476A88"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2023:q2:*:*:*:*:*:*" ,
"matchCriteriaId" : "FA33AE39-F976-4C56-9A4B-8932BC6855C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2023:q3:*:*:*:*:*:*" ,
"matchCriteriaId" : "21C2A279-F66F-49D3-A4A8-1D56FEF22B6B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ni:flexlogger:2023:q4:*:*:*:*:*:*" ,
"matchCriteriaId" : "08133BDF-895D-4D2A-8DAB-C02766DE86B1"
}
]
}
]
}
] ,
2023-11-08 17:00:23 +00:00
"references" : [
{
"url" : "https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html" ,
2023-11-15 19:00:22 +00:00
"source" : "security@ni.com" ,
"tags" : [
"Vendor Advisory"
]
2023-11-08 17:00:23 +00:00
}
]
}
