CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Feb 2025 — The "update" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device. • https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated?ref=vault33.org • CWE-912: Hidden Functionality •

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Jan 2025 — In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a lea... • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Jan 2025 — The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device. The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The funct... • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-912: Hidden Functionality •