VAR-201310-0198
Vulnerability from variot - Updated: 2023-12-18 13:57. Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. Xper is a physiological testing system that is mostly deployed in the medical and public health sectors. Xper Connect is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions prior to Xper Connect 1.5.4.053 SP2 are vulnerable. Philips Xper Information Management Physiomonitoring, etc. are all components in the healthcare information system (Xper Cardiovascular Workflow Solution) of Philips, the Netherlands. The solution provides workflow charting, registry management, real-time hemodynamic monitoring and reporting, and more. A heap-based buffer overflow vulnerability exists in the Philips Xper application.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xper information management vascular monitoring 5",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xper information management physiomonitoring 5",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xper flex cardio",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xperconnect",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "1.5.4.053"
},
{
"model": "xper connect",
"scope": "lt",
"trust": 0.8,
"vendor": "philips",
"version": "1.5.4.053 sp2"
},
{
"model": "xper flex cardio",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "product xper information management server and work station"
},
{
"model": "xper information management physiomonitoring 5",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "component"
},
{
"model": "xper information management vascular monitoring 5",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "component"
},
{
"model": "philips n.v. xper connect",
"scope": null,
"trust": 0.6,
"vendor": "koninklijke",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.4.053",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "62845"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-2808",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-13488",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-62810",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2808",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13488",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-020",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-62810",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. Xper is a physiological testing system that is mostly deployed in the medical and public health sectors. Xper Connect is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. \nAttackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. \nVersions prior to Xper Connect 1.5.4.053 SP2 are vulnerable. Philips Xper Information Management Physiomonitoring, etc. are all components in the healthcare information system (Xper Cardiovascular Workflow Solution) of Philips, the Netherlands. The solution provides workflow charting, registry management, real-time hemodynamic monitoring and reporting, and more. A heap-based buffer overflow vulnerability exists in the Philips Xper application.",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "VULHUB",
"id": "VHN-62810"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2808",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-13-277-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62845",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13488",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-62810",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"id": "VAR-201310-0198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-62810"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:57:46.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Xper Flex Cardio Physiomonitoring System",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/flex_cardio_physiomonitoring.wpd"
},
{
"title": "Xper Physiomonitoring 5",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/"
},
{
"title": "Xper Connect",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/connect.wpd"
},
{
"title": "Xper Vascular Monitoring 5",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/vascular_monitoring.wpd"
},
{
"title": "Patch for Xper Connect Remote Heap Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-277-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2808"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2808"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"date": "2013-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-62810"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62845"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"date": "2013-10-05T10:55:03.463000",
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"date": "2013-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-62810"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62845"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"date": "2013-10-07T17:56:44.673000",
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Philips products: Xper Connect heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
],
"trust": 0.6
}
}