CVE-2013-2808

 

  • Severity Score: 9.3 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-04-11 CVE Reserved
  • 2013-10-05 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-10-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
  • http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01 (Tag: US Government Resource)
Affected Vendors, Products, and Versions
  • Philips Xper Information Management Physiomonitoring 5 (version: --), Affected; in Philips Xperconnect <= 1.5.4.053, Affected
  • Philips Xper Information Management Vascular Monitoring 5 (version: --), Affected; in Philips Xperconnect <= 1.5.4.053, Affected
  • Philips Xper Flex Cardio (version: --), Affected; in Philips Xperconnect <= 1.5.4.053, Affected