History: Oct 05, 2013 - 10:55 a.m.

CVE-2013-2808

2013-10-05 10:55:03
CWE-119
icscert
web.nvd.nist.gov
31
cve-2013-2808
buffer overflow
xper
philips
information management
physiomonitoring
vascular monitoring
flex cardio
xperconnect 1.5.4.053 sp2
remote code execution
crafted http request
connect broker
tcp port 6000
nvd

CVSS2: 9.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 8.4
Confidence: Low

EPSS: 0.006
Percentile: 78.8%

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

Affected configurations

Nvd

Node: philips xper_information_management_physiomonitoring_5 (Match -) AND philips xperconnect (Range 1.5.4.053)
Node: philips xper_information_management_vascular_monitoring_5 (Match -) AND philips xperconnect (Range 1.5.4.053)
Node: philips xper_flex_cardio (Match -) AND philips xperconnect (Range 1.5.4.053)

| Vendor | Product | Version | CPE |
|---|---|---|---|
| philips | xper_information_management_physiomonitoring_5 | - | cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:* |
| philips | xperconnect | * | cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:* |
| philips | xper_information_management_vascular_monitoring_5 | - | cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:* |
| philips | xper_flex_cardio | - | cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:* |
