
54 matches found

VulnCheck KEV
added 2026/01/20 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2025-0683

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2 CVSS | 5.8 AI score | 0.00766 EPSS
In wild | Exploits 0 | References 3

VulnCheck KEV
added 2026/01/20 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2024-12248

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

9.8 CVSS | 6.2 AI score | 0.01189 EPSS
In wild | Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-40674

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00283 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-42461

Malicious code in bioql PyPI...

5.7 CVSS | 6 AI score | 0.00274 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-50712

Malicious code in bioql PyPI...

9.8 CVSS | 9.5 AI score | 0.01189 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-41038

Malicious code in bioql PyPI...

4.4 CVSS | 5.1 AI score | 0.0017 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-39098

Malicious code in bioql PyPI...

6.8 CVSS | 6.7 AI score | 0.00349 EPSS
Exploits 0 | References 1

CNNVD
added 2025/02/25 12:0 a.m. | 3 views

Contec Health CMS8000 Patient Monitor Security Vulnerability

The Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor that stems from an update binary that attempts to install to a hard-coded routable IP address, thereby bypassing existing devi...

7.7 CVSS | 6.7 AI score | 0.00446 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/02/06 2:18 a.m. | 7 views

CVE-2025-0626

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...

7.7 CVSS | 7.7 AI score | 0.01079 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 10:30 a.m. | 10 views

CVE-2024-12248

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

9.8 CVSS | 7.6 AI score | 0.01189 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 4 views

A vulnerability in the firmware of medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120 arises because operations can go beyond the bounds of a buffer in memory. This allows an attacker to gain unauthorized access to protected information, execute arbitrary code, or gain full control over the device.

A vulnerability in the firmware of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices is related to operations performed outside the bounds of a buffer in memory. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protecte...

10 CVSS | 8.7 AI score | 0.01189 EPSS
Exploits 0 | References 6

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

A vulnerability in the firmware of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices lies in the fact that they send requests to a hard-coded external IP address. This allows attackers to circumvent security restrictions and upload or re-upload files onto the devices.

A vulnerability in the firmware of medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120 lies in the fact that requests are sent to a hard-coded external IP address. Exploiting this vulnerability allows an attacker to bypass security restrictions and...

7.6 CVSS | 8.1 AI score | 0.01079 EPSS
Exploits 0 | References 7

The Hacker News
added 2025/01/31 1:10 p.m. | 24 views

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVS...

9.3 CVSS | 7.7 AI score | 0.01189 EPSS
Exploits 0

Packet Storm News
added 2025/01/31 12:0 a.m. | 4 views

CISA: Contec CMS8000 Contains a Backdoor

This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address and functionality that enables patient data...

8.2 CVSS | 7 AI score | 0.01079 EPSS
Exploits 0

Cvelist
added 2025/01/30 6:17 p.m. | 24 views

CVE-2025-0626 Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...

7.7 CVSS | 0.01079 EPSS
Exploits 0 | References 2

CVE
added 2025/01/30 6:17 p.m. | 68 views

CVE-2025-0626

The CVE-2025-0626 issue concerns Contec CMS8000 Patient Monitor firmware where the monitor binary attempts to mount to a hard-coded routable IP, bypassing device network settings, and can enable the network interface if it is disabled. Triggered during a device update from the user menu, ...

7.7 CVSS | 7.7 AI score | 0.01079 EPSS
In wild | Exploits 0 | References 4

CVE
added 2025/01/30 6:17 p.m. | 71 views

CVE-2024-12248

The CVE-2024-12248 issue affects Contec Health CMS8000 Patient Monitor. It is an out-of-bounds write vulnerability allowing an attacker to craft UDP requests to write arbitrary data, potentially enabling remote code execution. Connected documents confirm the affected product family (CMS8000 CMS a...

9.8 CVSS | 9.8 AI score | 0.01189 EPSS
In wild | Exploits 0 | References 2

Cvelist
added 2025/01/30 6:17 p.m. | 35 views

CVE-2024-12248 Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

9.8 CVSS | 0.01189 EPSS
Exploits 0 | References 2

CISA
added 2025/01/30 12:0 p.m. | 27 views

CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware

CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP...

8.2 CVSS | 8 AI score | 0.01079 EPSS
Exploits 0 | References 8

CNNVD
added 2025/01/30 12:0 a.m. | 3 views

Contec Health CMS8000 Patient Monitor Security Vulnerability

Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor. An attacker could exploit the vulnerability to upload and overwrite files on the device...

7.7 CVSS | 9.4 AI score | 0.01079 EPSS
Exploits 0 | References 5