The vulnerability of the microprogrammed software of medical monitoring devices such as CMS8000 Patient Monitor and Epsimed MN-120 arises from the fact that the output of operations may escape the buffer in memory. This allows an intruder to gain unauthorized access to protected information, execute arbitrary codes, or gain full control over the device.

🗓️ 04 Feb 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

CMS8000 and Epsimed MN-120 have buffer overflow flaws enabling remote access or code execution via UDP.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-12248	30 Jan 202518:23	–	circl
CNNVD	Contec Health CMS8000 Patient Monitor 安全漏洞	30 Jan 202500:00	–	cnnvd
CVE	CVE-2024-12248	30 Jan 202518:17	–	cve
Cvelist	CVE-2024-12248 Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor	30 Jan 202518:17	–	cvelist
EUVD	EUVD-2024-50712	3 Oct 202520:07	–	euvd
ICS	Contec Health CMS8000 Patient Monitor (Update A)	30 Jan 202507:00	–	ics
NVD	CVE-2024-12248	30 Jan 202519:15	–	nvd
Positive Technologies	PT-2025-1790 · Epsimed +1 · Epsimed Mn-120 +1	5 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-12248	5 Feb 202510:30	–	redhatcve
The Hacker News	CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors	31 Jan 202513:10	–	thn

Source	Link
cisa	www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01
fda	www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication
vuldb	www.vuldb.com/ru/
xakep	www.xakep.ru/2025/02/03/contec-backdoor/
web	www.web.nvd.nist.gov/view/vuln/detail
cisa	www.cisa.gov/news-events/ics-medical-advisories/icsma--25-030-01

04 Feb 2025 00:00Current

8.7High risk

Vulners AI Score8.7

CVSS 39.8

CVSS 210

EPSS0.01189

Cms8000 Patient Monitor Epsimed MN-120 Medical Device Buffer Overflow Remote Access Arbitrary Code Execution Device Control User Datagram Protocol Protected Information Access