{ "id": "CVE-2023-5136", "sourceIdentifier": "security@ni.com", "published": "2023-11-08T16:15:11.067", "lastModified": "2023-11-15T18:42:41.643", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.\n" }, { "lang": "es", "value": "Una asignaci\u00f3n de permiso incorrecta en TopoGrafix DataPlugin para GPX podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad haciendo que un usuario abra un archivo de datos especialmente manipulado." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, "impactScore": 3.6 }, { "source": "security@ni.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-732" } ] }, { "source": "security@ni.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-732" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ni:topografix_data_plugin:2023:-:*:*:*:gpx:*:*", "matchCriteriaId": "15732407-23EA-4542-96A2-5C878FB8481F" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2014:*:*:*:*:*:*:*", "matchCriteriaId": "1D2B3E07-5832-4ABE-B7F8-EDFFC91940E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2015:-:*:*:*:*:*:*", "matchCriteriaId": "B3D7F82A-8406-4B50-A9BA-CCB34A974F87" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2015:sp2:*:*:*:*:*:*", "matchCriteriaId": "5CA88F99-AE0F-4B98-B86A-4B5289520DA0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2017:-:*:*:*:*:*:*", "matchCriteriaId": "7A59840A-5F72-4FB9-8B67-A91439E7DA1E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2017:sp1:*:*:*:*:*:*", "matchCriteriaId": "2DBC89AC-5BA4-432B-96D8-57A5E9B6A338" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2018:-:*:*:*:*:*:*", "matchCriteriaId": "C853AE58-D3C8-4627-A0D8-542382650932" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2018:sp1:*:*:*:*:*:*", "matchCriteriaId": "87C3A752-E66D-4F4C-B6FB-F572EAF092B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2019:-:*:*:*:*:*:*", "matchCriteriaId": "3F41FF00-1098-43B3-822A-8AC92B991F20" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2019:sp1:*:*:*:*:*:*", "matchCriteriaId": "3525F92B-30ED-4798-BF89-14D8EFCD7CC3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2020:-:*:*:*:*:*:*", "matchCriteriaId": "7D3458A8-E460-4297-A69F-C4DDE1D232F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2020:sp1:*:*:*:*:*:*", "matchCriteriaId": "49A24A9A-8601-49DA-8E7D-798D2E399273" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2021:-:*:*:*:*:*:*", "matchCriteriaId": "4101C29B-BB75-47B6-9D2D-BC5491969EEB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2021:sp1:*:*:*:*:*:*", "matchCriteriaId": "10D8EBAC-D4CF-4841-AE65-5F8A1121788C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2022:q2:*:*:*:*:*:*", "matchCriteriaId": "7C10702F-B2C2-46FF-88FF-2A314B502ED4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2022:q4:*:*:*:*:*:*", "matchCriteriaId": "8C05E9A6-7B7D-4928-A60E-24942D4D51F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:diadem:2023:q2:*:*:*:*:*:*", "matchCriteriaId": "9044BC02-8801-4DBD-8529-49DB7F0D3452" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "F499514A-19DE-469D-9EF6-F7EC1E6810BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2014:*:*:*:*:*:*:*", "matchCriteriaId": "D68D0C2C-C42D-4B8C-A3D6-93A136E5DD21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2015:-:*:*:*:*:*:*", "matchCriteriaId": "29FA2254-FF6C-4FCA-8363-B36E4C38C6BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2015:sp1:*:*:*:*:*:*", "matchCriteriaId": "18577799-88E6-44C1-9477-3261EA98ED4F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2016:*:*:*:*:*:*:*", "matchCriteriaId": "CA705301-337E-4162-8810-BF20B23CB9E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2017:*:*:*:*:*:*:*", "matchCriteriaId": "B5F1303A-A8D9-4E60-BB96-3B00AAAAD8A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2018:-:*:*:*:*:*:*", "matchCriteriaId": "4FAF54A5-268E-4A76-9C31-F3E2FE465464" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2018:sp1:*:*:*:*:*:*", "matchCriteriaId": "E98B7755-005F-4036-AF81-002F113DBCD6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2019:-:*:*:*:*:*:*", "matchCriteriaId": "55743F60-FA68-494E-87B9-8E22787EEF4C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2019:r2:*:*:*:*:*:*", "matchCriteriaId": "2CA4257E-5E97-46D6-BE97-205F6FC18CA3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2019:r3:*:*:*:*:*:*", "matchCriteriaId": "541008B0-5703-4937-9304-C09645454085" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2019:r3f1:*:*:*:*:*:*", "matchCriteriaId": "5970C421-B8B1-459F-85DB-E74A0B31EDCB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2020:-:*:*:*:*:*:*", "matchCriteriaId": "55ADD725-44EE-4F28-B9A3-923094352C4C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2020:r2:*:*:*:*:*:*", "matchCriteriaId": "58D19502-B3F2-4D43-A4D2-CF6CD2E41E48" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2020:r3:*:*:*:*:*:*", "matchCriteriaId": "AAF6DE83-A202-4A90-8B05-735D686FDB8E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2020:r4:*:*:*:*:*:*", "matchCriteriaId": "C90473FA-81CB-4984-8B4C-2EE907ED9DC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2020:r5:*:*:*:*:*:*", "matchCriteriaId": "B09E4798-97D8-41B7-9E3C-A5D45F8C8CB5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2020:r6:*:*:*:*:*:*", "matchCriteriaId": "03D1BFD1-E75E-4816-9D3B-380DACB50EFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2021:-:*:*:*:*:*:*", "matchCriteriaId": "C0BC96D8-AB88-47BF-B956-818BF9C8E91E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2021:r2:*:*:*:*:*:*", "matchCriteriaId": "CD0B65DD-E62E-4D7F-90C4-EE8EACE23F8B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2021:r3:*:*:*:*:*:*", "matchCriteriaId": "006E30B2-90DC-475D-835B-030A5801332F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2023:q1:*:*:*:*:*:*", "matchCriteriaId": "326C3FE1-6CE7-4FD4-9E8A-C14E1A0BE743" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2023:q2:*:*:*:*:*:*", "matchCriteriaId": "406FE5DA-02BE-4981-8F0E-C77840C5CB5F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2023:q3:*:*:*:*:*:*", "matchCriteriaId": "2B89A08C-C66E-400A-A224-DF6ED111D565" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:veristand:2023:q4:*:*:*:*:*:*", "matchCriteriaId": "2A151AB1-BD09-4DF0-B7DD-4D8E1E7E026C" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2018:r1:*:*:*:*:*:*", "matchCriteriaId": "9C2C31C3-9D4C-4FEE-8457-31E9F66CD043" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2018:r2:*:*:*:*:*:*", "matchCriteriaId": "F16894B6-5151-41DE-A1AC-7FB3C23DC05F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2018:r3:*:*:*:*:*:*", "matchCriteriaId": "4BE623D6-DE16-40ED-82CF-3CCD975B5C92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2018:r4:*:*:*:*:*:*", "matchCriteriaId": "0375EAF9-35F8-43AB-A26D-79B1C74E6055" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2019:r1:*:*:*:*:*:*", "matchCriteriaId": "1E8E8A79-BCBA-42D0-A4D5-4134327FDB07" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2019:r2:*:*:*:*:*:*", "matchCriteriaId": "91A2082B-47F5-4DFD-A9CE-115DB223B4A0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2019:r3:*:*:*:*:*:*", "matchCriteriaId": "758C8631-05F4-415B-861A-FF47896756BB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2019:r4:*:*:*:*:*:*", "matchCriteriaId": "CA0E5A70-2CE4-485F-97BC-CEF8FC2C6C62" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2020:r1:*:*:*:*:*:*", "matchCriteriaId": "852AC7E1-DE18-4EAD-9079-7E3DF5EAD9A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2020:r2:*:*:*:*:*:*", "matchCriteriaId": "055A3E53-09AC-4CD4-8724-21E3F591550E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2020:r3:*:*:*:*:*:*", "matchCriteriaId": "BEE4C627-4298-469E-91BA-08C711F7EE14" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2020:r4:*:*:*:*:*:*", "matchCriteriaId": "A7BB6592-DBC5-4D4C-96AD-CDE24E1F576A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2021:r1:*:*:*:*:*:*", "matchCriteriaId": "008505B6-6295-46CE-A923-27958172F026" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2021:r2:*:*:*:*:*:*", "matchCriteriaId": "CE96AE31-D36F-446A-96A5-46C762818A96" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2021:r3:*:*:*:*:*:*", "matchCriteriaId": "336F1E07-92EE-4BF5-AA14-981BFB67965C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2021:r4:*:*:*:*:*:*", "matchCriteriaId": "7D3A4BF7-5BF0-4EE5-BF7C-8C514D6238B5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2022:q2:*:*:*:*:*:*", "matchCriteriaId": "0213180D-04BD-4979-88BE-B21F385469CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2022:q4:*:*:*:*:*:*", "matchCriteriaId": "A336AAE6-FA87-4900-AECD-12997D064A64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2023:q1:*:*:*:*:*:*", "matchCriteriaId": "CBFBD9F4-9FFF-44B2-8E95-2DEAC4476A88" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2023:q2:*:*:*:*:*:*", "matchCriteriaId": "FA33AE39-F976-4C56-9A4B-8932BC6855C9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2023:q3:*:*:*:*:*:*", "matchCriteriaId": "21C2A279-F66F-49D3-A4A8-1D56FEF22B6B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ni:flexlogger:2023:q4:*:*:*:*:*:*", "matchCriteriaId": "08133BDF-895D-4D2A-8DAB-C02766DE86B1" } ] } ] } ], "references": [ { "url": "https://www.ni.com/en/support/documentation/supplemental/23/incorrect-permission-assignment-in-the-topografix-dataplug-for-gpx.html", "source": "security@ni.com", "tags": [ "Vendor Advisory" ] } ] }