CVE-2013-2808

2013-10-0510:55:03

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.006

Percentile

78.8%

JSON

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

Affected configurations

Nvd

Node

philipsxper_information_management_physiomonitoring_5Match-

AND

philipsxperconnectRange≤1.5.4.053

Node

philipsxper_information_management_vascular_monitoring_5Match-

AND

philipsxperconnectRange≤1.5.4.053

Node

philipsxper_flex_cardioMatch-

AND

philipsxperconnectRange≤1.5.4.053

VendorProductVersionCPE
philipsxper_information_management_physiomonitoring_5-cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*
philipsxperconnect*cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*
philipsxper_information_management_vascular_monitoring_5-cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*
philipsxper_flex_cardio-cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
philips	xper_information_management_physiomonitoring_5	-	cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:::::::*
philips	xperconnect	*	cpe:2.3:a:philips:xperconnect::::::::
philips	xper_information_management_vascular_monitoring_5	-	cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:::::::*
philips	xper_flex_cardio	-	cpe:2.3:h:philips:xper_flex_cardio:-:::::::*