Vulnerability Description
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Philips | Xper Information Management Physiomonitoring 5 | - |
| Philips | Xperconnect | <= 1.5.4.053 |
| Philips | Xper Information Management Vascular Monitoring 5 | - |
| Philips | Xper Flex Cardio | - |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01US Government Resource
- http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01US Government Resource
FAQ
What is CVE-2013-2808?
CVE-2013-2808 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management s...
How severe is CVE-2013-2808?
CVE-2013-2808 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2808?
Check the references section above for vendor advisories and patch information. Affected products include: Philips Xper Information Management Physiomonitoring 5, Philips Xperconnect, Philips Xper Information Management Vascular Monitoring 5, Philips Xper Flex Cardio.