CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1204
https://notcve.org/view.php?id=CVE-2025-1204
25 Feb 2025 — The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device. • https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated?ref=vault33.org • CWE-912: Hidden Functionality •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0683 – Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor
https://notcve.org/view.php?id=CVE-2025-0683
30 Jan 2025 — In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a lea... • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0626 – Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor
https://notcve.org/view.php?id=CVE-2025-0626
30 Jan 2025 — The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device. The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The funct... • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-912: Hidden Functionality •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46509
https://notcve.org/view.php?id=CVE-2023-46509
27 Oct 2023 — An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. Un problema en Contec SolarView Compact v.6.0 y anteriores permite a un atacante ejecutar código arbitrario a través del componente texteditor.php. • https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 11%CPEs: 2EXPL: 2CVE-2023-40924
https://notcve.org/view.php?id=CVE-2023-40924
08 Sep 2023 — SolarView Compact < 6.00 is vulnerable to Directory Traversal. SolarView Compact < 6.00 es vulnerable a Directory Traversal. • https://github.com/Yobing1/CVE-2023-40924 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 11%CPEs: 1EXPL: 0CVE-2023-29154
https://notcve.org/view.php?id=CVE-2023-29154
01 Jun 2023 — SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page. • https://jvn.jp/en/vu/JVNVU93372935 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28399
https://notcve.org/view.php?id=CVE-2023-28399
01 Jun 2023 — Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program. • https://jvn.jp/en/vu/JVNVU93372935 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28824
https://notcve.org/view.php?id=CVE-2023-28824
01 Jun 2023 — Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database. • https://jvn.jp/en/vu/JVNVU93372935 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28713
https://notcve.org/view.php?id=CVE-2023-28713
01 Jun 2023 — Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user. • https://jvn.jp/en/vu/JVNVU93372935 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28657
https://notcve.org/view.php?id=CVE-2023-28657
01 Jun 2023 — Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user. • https://jvn.jp/en/vu/JVNVU93372935 • CWE-862: Missing Authorization •