CVE-2013-2808
Last modified
CVE-2013-2808 is a vulnerability of currently unknown severity. Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.. EPSS estimates a 4.35% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Philips | Xper Information Management Physiomonitoring 5 | All versions |
| Philips | Xperconnect | <= 1.5.4.053 |
| Philips | Xper Information Management Vascular Monitoring 5 | All versions |
| Philips | Xper Flex Cardio | All versions |
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01US Government Resource
- http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-2808?
How severe is CVE-2013-2808?
How do I fix CVE-2013-2808?
Are you affected by CVE-2013-2808?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST