Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The Hacker News by The Hacker News
January 31, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 31, 2025Ravie LakshmananVulnerability / Healthcare

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors.

The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA by an anonymous external researcher.

“The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so,” CISA said in an advisory. “This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device.”

Cybersecurity

“The reverse backdoor provides automated connectivity to a hard-coded IP address from the Contec CMS8000 devices, allowing the device to download and execute unverified remote files. Publicly available records show that the IP address is not associated with a medical device manufacturer or medical facility but a third-party university.”

Two other identified vulnerabilities in the devices are listed below –

  • CVE-2024-12248 (CVSS v4 score: 9.3) – An out-of-bounds write vulnerability that could allow an attacker to send specially formatted UDP requests in order to write arbitrary data, resulting in remote code execution
  • CVE-2025-0683 (CVSS v4 score: 8.2) – A privacy leakage vulnerability that causes plain-text patient data to be transmitted to a hard-coded public IP address when the patient is attached to the monitor

Successful exploitation of CVE-2025-0683 could allow the device with that unspecified IP address to gain access to confidential patient information or open the door to an adversary-in-the-middle (AitM) scenario.

The security holes affect the following products –

  • CMS8000 Patient Monitor: Firmware version smart3250-2.6.27-wlan2.1.7.cramfs
  • CMS8000 Patient Monitor: Firmware version CMS7.820.075.08/0.74(0.75)
  • CMS8000 Patient Monitor: Firmware version CMS7.820.120.01/0.93(0.95)
  • CMS8000 Patient Monitor: All versions (CVE-2025-0626 and CVE-2025-0683)
Cybersecurity

“These cybersecurity vulnerabilities can allow unauthorized actors to bypass cybersecurity controls, gaining access to and potentially manipulating the device,” the FDA said, adding it’s “not aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time.”

Given that these vulnerabilities remain unpatched, CISA is recommending that organizations unplug and remove any Contec CMS8000 devices from their networks. It’s worth noting that the devices are also re-labeled and sold under the name Epsimed MN-120.

It’s also advised to check the patient monitors for any signs of unusual functioning, such as “inconsistencies between the displayed patient vitals and the patient’s actual physical state.”

CMS8000 Patient Monitor is manufactured by Contec Medical Systems, a developer of medical devices that are located in Qinhuangdao, China. On its website, the company claims its products are FDA-approved and distributed to over 130 countries and regions.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Stocks making the biggest moves premarket: Apple, Atlassian, Walgreens, Deckers and more

Stocks making the biggest moves premarket: Apple, Atlassian, Walgreens, Deckers and more

Recommended.

New Indicium Data Migration Service Combines AI Agents, Human Expertise

New Indicium Data Migration Service Combines AI Agents, Human Expertise

June 11, 2025
Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years

Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years

March 25, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio