Search criteria
4 vulnerabilities found for xperconnect by philips
VAR-201310-0198
Vulnerability from variot - Updated: 2023-12-18 13:57Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. Xper is a physiological testing system that is mostly deployed in the medical and public health sectors. Xper Connect is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions prior to Xper Connect 1.5.4.053 SP2 is vulnerable. Philips Xper Information Management Physiomonitoring, etc. are all components in the healthcare information system (Xper Cardiovascular Workflow Solution) of Philips, the Netherlands. The solution provides workflow charting, registry management, real-time hemodynamic monitoring and reporting, and more. A heap-based buffer overflow vulnerability exists in the Philips Xper application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xper information management vascular monitoring 5",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xper information management physiomonitoring 5",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xper flex cardio",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xperconnect",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "1.5.4.053"
},
{
"model": "xper connect",
"scope": "lt",
"trust": 0.8,
"vendor": "philips",
"version": "1.5.4.053 sp2"
},
{
"model": "xper flex cardio",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "product xper information management server and work station"
},
{
"model": "xper information management physiomonitoring 5",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "component"
},
{
"model": "xper information management vascular monitoring 5",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "component"
},
{
"model": "philips n.v. xper connect",
"scope": null,
"trust": 0.6,
"vendor": "koninklijke",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "62845"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-2808",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-13488",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-62810",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2808",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13488",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-020",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-62810",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. Xper is a physiological testing system that is mostly deployed in the medical and public health sectors. Xper Connect is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. \nAttackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. \nVersions prior to Xper Connect 1.5.4.053 SP2 is vulnerable. Philips Xper Information Management Physiomonitoring, etc. are all components in the healthcare information system (Xper Cardiovascular Workflow Solution) of Philips, the Netherlands. The solution provides workflow charting, registry management, real-time hemodynamic monitoring and reporting, and more. A heap-based buffer overflow vulnerability exists in the Philips Xper application",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "VULHUB",
"id": "VHN-62810"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2808",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-13-277-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62845",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13488",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-62810",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"id": "VAR-201310-0198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-62810"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:57:46.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Xper Flex Cardio Physiomonitoring System",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/flex_cardio_physiomonitoring.wpd"
},
{
"title": "Xper Physiomonitoring 5",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/"
},
{
"title": "Xper Connect",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/connect.wpd"
},
{
"title": "Xper Vascular Monitoring 5",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/vascular_monitoring.wpd"
},
{
"title": "Patch for Xper Connect Remote Heap Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-277-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2808"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2808"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"date": "2013-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-62810"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62845"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"date": "2013-10-05T10:55:03.463000",
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"date": "2013-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-62810"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62845"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"date": "2013-10-07T17:56:44.673000",
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Philips Product Xper Connect Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
],
"trust": 0.6
}
}
FKIE_CVE-2013-2808
Vulnerability from fkie_nvd - Published: 2013-10-05 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01 | US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "158B1CFF-F9DD-4CBB-96C6-2E5C25973CE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9",
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD6C19-D046-4DA6-B1BB-1CAABBBAD04E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9",
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "875CF337-C0CA-4D76-AC02-B992241AE978",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9",
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."
},
{
"lang": "es",
"value": "Desobrdamiento de b\u00faffer basado en memoria din\u00e1mica de componentes Xper en Philips Xper Information Management Physiomonitoring 5, componentes Xper Information Management Vascular Monitoring 5, y servidores y estaciones de trabajo Xper Information Management para productos Flex Cardio anterior a XperConnect 1.5.4.053 SP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de peticiones HTTP manipuladas al broker Connect en el puerto 6000 de TCP."
}
],
"id": "CVE-2013-2808",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-05T10:55:03.463",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-2808 (GCVE-0-2013-2808)
Vulnerability from cvelistv5 – Published: 2013-10-05 10:00 – Updated: 2024-09-16 17:14
VLAI?
Summary
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:20.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-05T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-2808",
"datePublished": "2013-10-05T10:00:00Z",
"dateReserved": "2013-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:14:50.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2808 (GCVE-0-2013-2808)
Vulnerability from nvd – Published: 2013-10-05 10:00 – Updated: 2024-09-16 17:14
VLAI?
Summary
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:20.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-05T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-2808",
"datePublished": "2013-10-05T10:00:00Z",
"dateReserved": "2013-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T17:14:50.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}