Update Details

Security Intelligence Center

Update #2990 (09/19/2017)

1 updated signature:

HIGH

HTTP:STC:ACTIVEX:ABB-CWGRAPH3D

HTTP: ABB Test Signal Viewer CWGraph3D ActiveX Arbitrary File Creation

Details of the signatures included within this bulletin:

HTTP:STC:ACTIVEX:ABB-CWGRAPH3D - HTTP: ABB Test Signal Viewer CWGraph3D ActiveX Arbitrary File Creation

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in ABB Test Signal Viewer CWGraph3D. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

isg-3.5.141652, idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603

References:

cve: CVE-2013-5022

Affected Products:

ni labwindows up to 2012
ni measurementstudio up to 2013
ni labview up to 2012
ni teststand up to 2012