CVE-2013-2808 - OpenCVE

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Xper Flex Cardio Xper Information Management Physiomonitoring 5 Xper Information Management Vascular Monitoring 5 Xperconnect

Configuration 1 [-]

AND

cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*

cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*

cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*

cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2013-10-05T10:00:00Z

Updated: 2024-09-16T17:14:50.857Z

Reserved: 2013-04-11T00:00:00Z

Link: CVE-2013-2808

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-10-05T10:55:03.463

Modified: 2013-10-07T17:56:44.673

Link: CVE-2013-2808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-05T10:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:52:20.433Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2808", "datePublished": "2013-10-05T10:00:00Z", "dateReserved": "2013-04-11T00:00:00Z", "dateUpdated": "2024-09-16T17:14:50.857Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "158B1CFF-F9DD-4CBB-96C6-2E5C25973CE3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*", "matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9", "versionEndIncluding": "1.5.4.053", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BBD6C19-D046-4DA6-B1BB-1CAABBBAD04E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*", "matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9", "versionEndIncluding": "1.5.4.053", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*", "matchCriteriaId": "875CF337-C0CA-4D76-AC02-B992241AE978", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*", "matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9", "versionEndIncluding": "1.5.4.053", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."}, {"lang": "es", "value": "Desobrdamiento de b\u00faffer basado en memoria din\u00e1mica de componentes Xper en Philips Xper Information Management Physiomonitoring 5, componentes Xper Information Management Vascular Monitoring 5, y servidores y estaciones de trabajo Xper Information Management para productos Flex Cardio anterior a XperConnect 1.5.4.053 SP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de peticiones HTTP manipuladas al broker Connect en el puerto 6000 de TCP."}], "id": "CVE-2013-2808", "lastModified": "2013-10-07T17:56:44.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-05T10:55:03.463", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}