CVE-2013-2808 - OpenCVE

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Philips	Xper Information Management Vascular Monitoring 5 Xperconnect Xper Information Management Physiomonitoring 5 Xper Flex Cardio

Configuration 1 [-]

AND

cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*

cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*

cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*

cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01	US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2022-10-03T16:15:00

Updated: 2022-10-03T16:15:00

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-2808

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-10-05T10:55:03.463

Modified: 2013-10-07T17:56:44.673

Link: CVE-2013-2808

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2808", "datePublished": "2022-10-03T16:15:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xper_information_management_physiomonitoring_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "158B1CFF-F9DD-4CBB-96C6-2E5C25973CE3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*", "matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9", "versionEndIncluding": "1.5.4.053", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xper_information_management_vascular_monitoring_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BBD6C19-D046-4DA6-B1BB-1CAABBBAD04E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*", "matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9", "versionEndIncluding": "1.5.4.053", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:philips:xper_flex_cardio:-:*:*:*:*:*:*:*", "matchCriteriaId": "875CF337-C0CA-4D76-AC02-B992241AE978", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:philips:xperconnect:*:*:*:*:*:*:*:*", "matchCriteriaId": "1099FA48-D9A6-404A-851C-558D54C6D1D9", "versionEndIncluding": "1.5.4.053", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000."}, {"lang": "es", "value": "Desobrdamiento de b\u00faffer basado en memoria din\u00e1mica de componentes Xper en Philips Xper Information Management Physiomonitoring 5, componentes Xper Information Management Vascular Monitoring 5, y servidores y estaciones de trabajo Xper Information Management para productos Flex Cardio anterior a XperConnect 1.5.4.053 SP2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de peticiones HTTP manipuladas al broker Connect en el puerto 6000 de TCP."}], "id": "CVE-2013-2808", "lastModified": "2013-10-07T17:56:44.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-05T10:55:03.463", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}