Lucene search

[email protected]CVE-2022-38100

HistorySep 13, 2022 - 3:15 p.m.

CVE-2022-38100

2022-09-1315:15:08

CWE-400

[email protected]

web.nvd.nist.gov

cms800

remote code execution

network security

denial-of-service

udp

nvd

cve-2022-38100

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network.

Affected configurations

NVD

Node

contechealthcms8000_firmwareMatch-

AND

contechealthcms8000Match-

CPENameOperatorVersion
contechealth:cms8000_firmwarecontechealth cms8000 firmwareeq-

CPE	Name	Operator	Version
contechealth:cms8000_firmware	contechealth cms8000 firmware	eq	-

CNA Affected

[
  {
    "product": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor",
    "vendor": "Contec Health",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVE-2022-38100

nvd1 prion1 cvelist1 ics1