VulnCheck KEV: CVE-2024-12248

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

VulnCheck KEV: CVE-2025-0683

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

EUVD-2022-41038

Malicious code in bioql PyPI...

EUVD-2022-42461

Malicious code in bioql PyPI...

EUVD-2022-40674

Malicious code in bioql PyPI...

EUVD-2022-39098

Malicious code in bioql PyPI...

EUVD-2024-50712

Malicious code in bioql PyPI...

Contec Health CMS8000 Patient Monitor 安全漏洞

The Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor that stems from an update binary that attempts to install to a hard-coded routable IP address, thereby bypassing existing devi...

CVE-2025-0626

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...

CVE-2024-12248

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Food and Drug Administration FDA have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626 , carries a CVS...

CISA: Contec CMS8000 Contains a Backdoor

This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health HPH sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address and functionality that enables patient data...

CVE-2025-0626 Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...

CVE-2025-0626

The CVE-2025-0626 entry concerns Contec CMS8000 (patient monitor) firmware. The seeable vulnerability is in the monitor’s embedded backdoor function within the firmware’s monitor binary, which attempts to mount to a hard-coded, routable IP address and can enable the device’s network interface if ...

CVE-2024-12248

CVE-2024-12248 affects the Contec Health CMS8000 Patient Monitor. The issue is an out-of-bounds write that could let an attacker send specially crafted UDP requests to write arbitrary data, enabling remote code execution over the network. Reported details confirm the vulnerability impacts CMS8000...

CVE-2024-12248 Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...

CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware

CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health HPH sector. Analysts discovered that an embedded backdoor function with a hard-coded IP...

Contec Health CMS8000 Patient Monitor 安全漏洞

Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor. An attacker could exploit the vulnerability to upload and overwrite files on the device...

Contec Health CMS8000 Patient Monitor 安全漏洞

Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor. An attacker can exploit the vulnerability to send specially formatted UDP requests to write arbitrary data...

PT-2025-3988 · Epsimed +1 · Epsimed Mn-120 Patient Monitor +1

Name of the Vulnerable Software and Affected Versions: Contec Health CMS8000 Patient Monitor affected versions not specified Epsimed MN-120 patient monitor affected versions not specified Description: The affected product sends out remote access requests to a hard-coded IP address, bypassing...