Sign-up

ID

VAR-201308-0298


CVE

CVE-2013-5026


TITLE

National Instruments Lookout of ActiveX Control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003664

DESCRIPTION

An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file. National Instruments Lookout of ActiveX The controls include lookout650.ocx , lookout660.ocx and lookout670.ocx Vulnerabilities that are unspecified are present due to incomplete processing.It may be affected unspecified. National Instruments Lookout is an easy-to-use HMI/SCADA software. The vulnerability is related to lookout650.ocx, lookout660.ocx and lookout670.ocx. The impact of this issue is currently unknown. We will update this BID as more information emerges

Trust: 2.61

sources: NVD: CVE-2013-5026 // JVNDB: JVNDB-2013-003664 // CNVD: CNVD-2013-11817 // BID: 61834 // IVD: cbb59d24-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: cbb59d24-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11817

AFFECTED PRODUCTS

vendor:nimodel:lookoutscope:eqversion:6.5

Trust: 1.6

vendor:nimodel:lookoutscope:eqversion:6.6

Trust: 1.6

vendor:nimodel:lookoutscope:eqversion:6.7

Trust: 1.6

vendor:national instrumentsmodel:lookoutscope:eqversion:6.5 to 6.7

Trust: 0.8

vendor:national instrumentsmodel:lookoutscope:eqversion:6.5-6.7

Trust: 0.6

vendor:lookoutmodel: - scope:eqversion:6.5

Trust: 0.2

vendor:lookoutmodel: - scope:eqversion:6.6

Trust: 0.2

vendor:lookoutmodel: - scope:eqversion:6.7

Trust: 0.2

sources: IVD: cbb59d24-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11817 // JVNDB: JVNDB-2013-003664 // CNNVD: CNNVD-201308-071 // NVD: CVE-2013-5026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5026
value: HIGH

Trust: 1.0

NVD: CVE-2013-5026
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-11817
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201308-071
value: CRITICAL

Trust: 0.6

IVD: cbb59d24-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2013-5026
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2013-5026
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-11817
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cbb59d24-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: cbb59d24-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11817 // JVNDB: JVNDB-2013-003664 // CNNVD: CNNVD-201308-071 // NVD: CVE-2013-5026

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-5026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-071

TYPE

Unknown

Trust: 0.3

sources: BID: 61834

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003664

PATCH
title:How Does NI Security Update 67L8J3QW for Lookout Affect Me?url:http://digital.ni.com/public.nsf/websearch/A792DE0703C8108786257B3600506077?OpenDocument
Trust: 0.8
title:How Do The NI Q2 2013 Security Updates Affect Me?url:http://digital.ni.com/public.nsf/websearch/507DEC9DA57A708186257B3600512623?OpenDocument
Trust: 0.8
title:NI Q2 2013セキュリティアップデートについてurl:http://digital.ni.com/public.nsf/websearchj/A13EF8E8AE2CFAA886257B750076EC0B?OpenDocument
Trust: 0.8
title:National Instruments Lookout ActiveX Control has an unexplained patchurl:https://www.cnvd.org.cn/patchInfo/show/38113
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-11817 // 
            
            
            
            JVNDB: JVNDB-2013-003664

EXTERNAL IDS
db:NVDid:CVE-2013-5026
Trust: 3.5
db:CNVDid:CNVD-2013-11817
Trust: 0.8
db:CNNVDid:CNNVD-201308-071
Trust: 0.8
db:JVNDBid:JVNDB-2013-003664
Trust: 0.8
db:BIDid:61834
Trust: 0.3
db:IVDid:CBB59D24-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: cbb59d24-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-11817 // 
            
            
            
            BID: 61834 // 
            
            
            
            JVNDB: JVNDB-2013-003664 // 
            
            
            
            CNNVD: CNNVD-201308-071 // 
            
            
            
            NVD: CVE-2013-5026

REFERENCES
url:http://digital.ni.com/public.nsf/websearch/a792de0703c8108786257b3600506077?opendocument
Trust: 2.5
url:http://digital.ni.com/public.nsf/websearch/507dec9da57a708186257b3600512623?opendocument
Trust: 1.9
url:http://digital.ni.com/public.nsf/allkb/544407ecc5fee44086257bcf00735d1f?opendocument
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5026
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5026
Trust: 0.8
url:http://sine.ni.com/nips/cds/view/p/lang/en/nid/12511
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-11817 // 
            
            
            
            BID: 61834 // 
            
            
            
            JVNDB: JVNDB-2013-003664 // 
            
            
            
            CNNVD: CNNVD-201308-071 // 
            
            
            
            NVD: CVE-2013-5026

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 61834

SOURCES
db:IVDid:cbb59d24-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-11817
db:BIDid:61834
db:JVNDBid:JVNDB-2013-003664
db:CNNVDid:CNNVD-201308-071
db:NVDid:CVE-2013-5026

LAST UPDATE DATE
2025-04-11T23:02:56.927000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-11817date:2013-08-08T00:00:00
db:BIDid:61834date:2015-03-19T09:10:00
db:JVNDBid:JVNDB-2013-003664date:2013-08-08T00:00:00
db:CNNVDid:CNNVD-201308-071date:2013-08-26T00:00:00
db:NVDid:CVE-2013-5026date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:cbb59d24-2352-11e6-abef-000c29c66e3ddate:2013-08-08T00:00:00
db:CNVDid:CNVD-2013-11817date:2013-08-08T00:00:00
db:BIDid:61834date:2013-08-06T00:00:00
db:JVNDBid:JVNDB-2013-003664date:2013-08-08T00:00:00
db:CNNVDid:CNNVD-201308-071date:2013-08-23T00:00:00
db:NVDid:CVE-2013-5026date:2013-08-06T20:55:05.530