CVE-2025-0683 – Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor
https://notcve.org/view.php?id=CVE-2025-0683
30 Jan 2025 — In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-0626 – Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor
https://notcve.org/view.php?id=CVE-2025-0626
30 Jan 2025 — The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01 • CWE-912: Hidden Functionality