var-201310-0198
Vulnerability from variot
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. Xper is a physiological testing system that is mostly deployed in the medical and public health sectors. Xper Connect is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions prior to Xper Connect 1.5.4.053 SP2 is vulnerable. Philips Xper Information Management Physiomonitoring, etc. are all components in the healthcare information system (Xper Cardiovascular Workflow Solution) of Philips, the Netherlands. The solution provides workflow charting, registry management, real-time hemodynamic monitoring and reporting, and more. A heap-based buffer overflow vulnerability exists in the Philips Xper application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xper information management physiomonitoring 5",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xper information management vascular monitoring 5",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xper flex cardio",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "xperconnect",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "1.5.4.053"
},
{
"model": "xper connect",
"scope": "lt",
"trust": 0.8,
"vendor": "philips",
"version": "1.5.4.053 sp2"
},
{
"model": "xper flex cardio",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "product xper information management server and work station"
},
{
"model": "xper information management physiomonitoring 5",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "component"
},
{
"model": "xper information management vascular monitoring 5",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "component"
},
{
"model": "philips n.v. xper connect",
"scope": null,
"trust": 0.6,
"vendor": "koninklijke",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:philips:xperconnect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:philips:xper_flex_cardio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:philips:xper_information_management_physiomonitoring_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:philips:xper_information_management_vascular_monitoring_5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "62845"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-2808",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-13488",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-62810",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2808",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-2808",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-13488",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-020",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-62810",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. Xper is a physiological testing system that is mostly deployed in the medical and public health sectors. Xper Connect is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. \nAttackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. \nVersions prior to Xper Connect 1.5.4.053 SP2 is vulnerable. Philips Xper Information Management Physiomonitoring, etc. are all components in the healthcare information system (Xper Cardiovascular Workflow Solution) of Philips, the Netherlands. The solution provides workflow charting, registry management, real-time hemodynamic monitoring and reporting, and more. A heap-based buffer overflow vulnerability exists in the Philips Xper application",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2808"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "VULHUB",
"id": "VHN-62810"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2808",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-13-277-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62845",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13488",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-62810",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"id": "VAR-201310-0198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-62810"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:46:51.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Xper Flex Cardio Physiomonitoring System",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/flex_cardio_physiomonitoring.wpd"
},
{
"title": "Xper Physiomonitoring 5",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/"
},
{
"title": "Xper Connect",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/connect.wpd"
},
{
"title": "Xper Vascular Monitoring 5",
"trust": 0.8,
"url": "http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/vascular_monitoring.wpd"
},
{
"title": "Patch for Xper Connect Remote Heap Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/40000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-277-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2808"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2808"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"db": "VULHUB",
"id": "VHN-62810"
},
{
"db": "BID",
"id": "62845"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
},
{
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"date": "2013-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-62810"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62845"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-020"
},
{
"date": "2013-10-05T10:55:03.463000",
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13488"
},
{
"date": "2013-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-62810"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62845"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004509"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-020"
},
{
"date": "2013-10-07T17:56:44.673000",
"db": "NVD",
"id": "CVE-2013-2808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Philips Product Xper Connect Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004509"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-020"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…