173 matches found
CVE-2025-34080
The Contec Co.,Ltd. CONPROSYS HMI System CHS is vulnerable to Cross-Site Scripting XSS in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System CHS: before 3.7.7...
CVE-2025-34081
The Contec Co.,Ltd. CONPROSYS HMI System CHS exposes a PHP phpinfo debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System CHS: before 3.7.7...
CVE-2025-34080
The Contec Co.,Ltd. CONPROSYS HMI System CHS is vulnerable to Cross-Site Scripting XSS in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System CHS: before 3.7.7...
CVE-2025-34080 CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting
The Contec Co.,Ltd. CONPROSYS HMI System CHS is vulnerable to Cross-Site Scripting XSS in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System CHS: before 3.7.7...
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.7.7, which stems from cross-site scripting ...
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.7.7, which originates from an unauthenticat...
CVE-2025-0683
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...
CVE-2023-46509
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component...
CVE-2022-36159
Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface an...
CVE-2022-36158
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mntcmd.cgi...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-056-01 Rockwell Automation PowerFlex 755 ICSMA-25-030-01 Contec Health CMS8000 Patien...
Contec Health CMS8000 Patient Monitor 安全漏洞
The Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor that stems from an update binary that attempts to install to a hard-coded routable IP address, thereby bypassing existing devi...
CVE-2025-0626
The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...
CVE-2024-12248
Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Food and Drug Administration FDA have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626 , carries a CVS...
CISA: Contec CMS8000 Contains a Backdoor
This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health HPH sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address and functionality that enables patient data...
CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...
CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...
CVE-2025-0683
The CVE-2025-0683 entry affects Contec Health CMS8000 Patient Monitor. In its default configuration, it transmits plain-text patient data to a hard-coded public IP address, enabling potential data leakage to any device on that IP and enabling MITM-like interception. Public advisories (CISA ICS wa...
CVE-2025-0626
The CVE-2025-0626 issue concerns Contec CMS8000 CMS8000 Patient Monitor firmware where the monitor binary attempts to mount to a hard-coded routable IP, bypassing device network settings, and can enable the network interface if it is disabled. Triggered during a device update from the user menu, ...