Philips Fixes Buffer Overflow

Monday, October 7, 2013 @ 05:10 PM gHale


Philips created an update that mitigates the heap-based buffer overflow in its Xper application, according to a report on ICS-CERT.

Philips has tested the update and verified that it resolves the remotely exploitable vulnerability, discovered by independent researcher Billy Rios.

RELATED STORIES
Bug in Siemens SCALANCE X-200
Emerson Patches RTU Holes
Schneider Continues Quantum Fixes
Mitsubishi ActiveX Control Bug

The following Xper Information Management versions suffer from the issue:
• Xper Information Management Physiomonitoring 5 system components,
• Xper Information Management Vascular Monitoring 5 system components, and
• Xper Information Management (Flex Cardio product line) servers and workstations.

These products have a problem if the XperConnect Broker ends up used in line.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with administrator-level privileges, affecting the availability, integrity, and confidentiality of the system.

Philips is a global company that maintains offices in several countries around the world, including countries in Africa, Asia, Europe, Latin America, Middle East, and North America.

The affected product, Xper, is a Cardio Physiomonitoring system. According to Philips, Xper deploys across the Healthcare and Public Health sector. Philips estimates these products see use primarily in the United States and Europe with a small percentage in Asia.

The Xper Connect broker listens to Port 6000/TCP by default. By sending an HTTP request outside the bounds of the buffer to Port 6000/TCP, an attacker can cause a heap-based buffer resulting in loss of confidentiality, integrity, and availability.

CVE-2013-2808 is the number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.

No known public exploits specifically target this vulnerability and an attacker with a medium skill would be able to exploit this vulnerability.

Philips released an update, XperConnect 1.5.4.053 SP2, that mitigates this vulnerability.

The update is available at the Philips web site.



Leave a Reply

You must be logged in to post a comment.