ID

VAR-201310-0198


CVE

CVE-2013-2808


TITLE

Heap-based buffer overflow vulnerability in multiple Philips Xper Connect products

Trust: 0.8

sources: JVNDB: JVNDB-2013-004509

DESCRIPTION

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

Xper is a physiological testing system that is mostly deployed in the medical and public health sectors. Xper Connect is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions prior to Xper Connect 1.5.4.053 SP2 are vulnerable.

Philips Xper Information Management Physiomonitoring and the other products listed above are all components of the healthcare information system (Xper Cardiovascular Workflow Solution) of Philips, the Netherlands. The solution provides workflow charting, registry management, real-time hemodynamic monitoring and reporting, and more. A heap-based buffer overflow vulnerability exists in the Philips Xper application.

Trust: 2.52

sources: NVD: CVE-2013-2808 // JVNDB: JVNDB-2013-004509 // CNVD: CNVD-2013-13488 // BID: 62845 // VULHUB: VHN-62810

AFFECTED PRODUCTS

vendor: philips // model: xper information management physiomonitoring 5 // scope: eq // version: -

Trust: 1.6

vendor: philips // model: xper information management vascular monitoring 5 // scope: eq // version: -

Trust: 1.6

vendor: philips // model: xper flex cardio // scope: eq // version: -

Trust: 1.6

vendor: philips // model: xperconnect // scope: lte // version: 1.5.4.053

Trust: 1.0

vendor: philips // model: xper connect // scope: lt // version: 1.5.4.053 sp2

Trust: 0.8

vendor: philips // model: xper flex cardio // scope: eq // version: product xper information management server and work station

Trust: 0.8

vendor: philips // model: xper information management physiomonitoring 5 // scope: eq // version: component

Trust: 0.8

vendor: philips // model: xper information management vascular monitoring 5 // scope: eq // version: component

Trust: 0.8

vendor: koninklijke // model: philips n.v. xper connect // scope: - // version: -

Trust: 0.6

sources: CNVD: CNVD-2013-13488 // JVNDB: JVNDB-2013-004509 // CNNVD: CNNVD-201310-020 // NVD: CVE-2013-2808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2808
value: HIGH

Trust: 1.0

NVD: CVE-2013-2808
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13488
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201310-020
value: CRITICAL

Trust: 0.6

VULHUB: VHN-62810
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2808
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13488
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-62810
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13488 // VULHUB: VHN-62810 // JVNDB: JVNDB-2013-004509 // CNNVD: CNNVD-201310-020 // NVD: CVE-2013-2808

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-62810 // JVNDB: JVNDB-2013-004509 // NVD: CVE-2013-2808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-020

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201310-020

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004509

PATCH

title: Xper Flex Cardio Physiomonitoring System // url: http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/flex_cardio_physiomonitoring.wpd

Trust: 0.8

title: Xper Physiomonitoring 5 // url: http://www.healthcare.philips.com/main/products/cath_lab_exp/xper_info_mgt/

Trust: 0.8

title: Xper Connect // url: http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/connect.wpd

Trust: 0.8

title: Xper Vascular Monitoring 5 // url: http://www.healthcare.philips.com/us_en/products/cath_lab_exp/xper_info_mgt/vascular_monitoring.wpd

Trust: 0.8

title: Patch for Xper Connect Remote Heap Buffer Overflow Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/40000

Trust: 0.6

sources: CNVD: CNVD-2013-13488 // JVNDB: JVNDB-2013-004509

EXTERNAL IDS

db: NVD // id: CVE-2013-2808

Trust: 3.4

db: ICS CERT // id: ICSA-13-277-01

Trust: 3.1

db: BID // id: 62845

Trust: 1.0

db: JVNDB // id: JVNDB-2013-004509

Trust: 0.8

db: CNNVD // id: CNNVD-201310-020

Trust: 0.7

db: CNVD // id: CNVD-2013-13488

Trust: 0.6

db: VULHUB // id: VHN-62810

Trust: 0.1

sources: CNVD: CNVD-2013-13488 // VULHUB: VHN-62810 // BID: 62845 // JVNDB: JVNDB-2013-004509 // CNNVD: CNNVD-201310-020 // NVD: CVE-2013-2808

REFERENCES

url: http://ics-cert.us-cert.gov/advisories/icsa-13-277-01

Trust: 3.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2808

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2808

Trust: 0.8

sources: CNVD: CNVD-2013-13488 // VULHUB: VHN-62810 // JVNDB: JVNDB-2013-004509 // CNNVD: CNNVD-201310-020 // NVD: CVE-2013-2808

CREDITS

Billy Rios

Trust: 0.3

sources: BID: 62845

SOURCES

db: CNVD // id: CNVD-2013-13488
db: VULHUB // id: VHN-62810
db: BID // id: 62845
db: JVNDB // id: JVNDB-2013-004509
db: CNNVD // id: CNNVD-201310-020
db: NVD // id: CVE-2013-2808

LAST UPDATE DATE

2025-04-11T23:16:36.674000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2013-13488 // date: 2013-10-10T00:00:00
db: VULHUB // id: VHN-62810 // date: 2013-10-07T00:00:00
db: BID // id: 62845 // date: 2013-10-04T00:00:00
db: JVNDB // id: JVNDB-2013-004509 // date: 2013-10-08T00:00:00
db: CNNVD // id: CNNVD-201310-020 // date: 2013-10-08T00:00:00
db: NVD // id: CVE-2013-2808 // date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2013-13488 // date: 2013-10-09T00:00:00
db: VULHUB // id: VHN-62810 // date: 2013-10-05T00:00:00
db: BID // id: 62845 // date: 2013-10-04T00:00:00
db: JVNDB // id: JVNDB-2013-004509 // date: 2013-10-08T00:00:00
db: CNNVD // id: CNNVD-201310-020 // date: 2013-10-08T00:00:00
db: NVD // id: CVE-2013-2808 // date: 2013-10-05T10:55:03.463