Philips created an update that mitigates the heap-based buffer overflow in its Xper application, according to a report on ICS-CERT.
Philips has tested the update and verified that it resolves the remotely exploitable vulnerability, discovered by independent researcher Billy Rios.
The following Xper Information Management versions suffer from the issue:
• Xper Information Management Physiomonitoring 5 system components,
• Xper Information Management Vascular Monitoring 5 system components, and
• Xper Information Management (Flex Cardio product line) servers and workstations.
These products are affected if the XperConnect Broker is used in line.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with administrator-level privileges, affecting the availability, integrity, and confidentiality of the system.
Philips is a global company that maintains offices in several countries around the world, including countries in Africa, Asia, Europe, Latin America, the Middle East, and North America.
The affected product, Xper, is a Cardio Physiomonitoring system. According to Philips, Xper is deployed across the Healthcare and Public Health sector. Philips estimates these products are used primarily in the United States and Europe, with a small percentage in Asia.
The XperConnect broker listens on Port 6000/TCP by default. By sending an HTTP request that exceeds the bounds of the buffer to Port 6000/TCP, an attacker can cause a heap-based buffer overflow, resulting in loss of confidentiality, integrity, and availability.
CVE-2013-2808 is the number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.
No known public exploits specifically target this vulnerability. An attacker with a medium skill level would be able to exploit it.
Philips released an update, XperConnect 1.5.4.053 SP2, that mitigates this vulnerability.
The update is available at the Philips web site.
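To find hosts that still need the update, one approach is to parse collected `netstat -ano` output for listeners on the broker's default port, 6000/TCP, and separate loopback-only listeners from those reachable over the network. This is an added example, not code from ICS-CERT or Philips; the sample output is constructed and the function names are hypothetical. A hit is only a candidate: confirm from the PID that the owning process is the XperConnect broker.

```python
import ipaddress

BROKER_PORT = 6000  # default XperConnect broker port, per the report above

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:6000         0.0.0.0:0              LISTENING       4020
  TCP    10.20.30.40:6000       10.20.30.77:51544      ESTABLISHED     2312
  TCP    10.20.30.40:60001      10.20.30.5:443         ESTABLISHED     5100
  TCP    [::]:6000              [::]:0                 LISTENING       2312
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def broker_listeners(netstat_text, port=BROKER_PORT):
    """Return (local_addr, pid, network_reachable) for each LISTENING socket on port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Listening TCP rows have exactly: Proto, Local, Foreign, State, PID.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, local_port = split_endpoint(fields[1])
        if local_port != port:
            continue
        # Drop an IPv6 zone id (e.g. fe80::1%12) before parsing the address.
        ip = ipaddress.ip_address(addr.split("%")[0])
        # Wildcard (0.0.0.0, ::) and interface addresses accept remote peers.
        findings.append((addr, int(fields[4]), not ip.is_loopback))
    return findings


if __name__ == "__main__":
    for addr, pid, reachable in broker_listeners(SAMPLE_NETSTAT):
        status = "network-reachable" if reachable else "loopback only"
        print(f"6000/TCP listener on {addr} (PID {pid}): {status}")
```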