173 matches found
CVE-2025-0626 Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor
The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...
CVE-2025-0626
The CVE-2025-0626 issue concerns Contec CMS8000 Patient Monitor firmware where the monitor binary attempts to mount to a hard-coded routable IP, bypassing device network settings, and can enable the network interface if it is disabled. Triggered during a device update from the user menu, ...
CVE-2024-12248 Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor
Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...
CVE-2024-12248
The CVE-2024-12248 issue affects Contec Health CMS8000 Patient Monitor. It is an out-of-bounds write vulnerability allowing an attacker to craft UDP requests to write arbitrary data, potentially enabling remote code execution. Connected documents confirm the affected product family (CMS8000 CMS a...
CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware
CISA released a fact sheet, "Contec CMS8000 Contains a Backdoor", detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-030-01 Hitachi Energy UNEM; ICSA-25-030-02 New Rock Technologies Cloud Connected...
Contec Health CMS8000 Patient Monitor Security Vulnerability
Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor that originates from allowing the transmission of plain text patient data to a hard-coded public IP address...
Contec Health CMS8000 Patient Monitor Security Vulnerability
Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor. An attacker could exploit the vulnerability to upload and overwrite files on the device...
Contec Health CMS8000 Patient Monitor Security Vulnerability
Contec Health CMS8000 Patient Monitor is a vital signs patient monitor from Contec Japan. A security vulnerability exists in the Contec Health CMS8000 Patient Monitor. An attacker can exploit the vulnerability to send specially formatted UDP requests to write arbitrary data...
PT-2025-3988 · Epsimed +1 · Epsimed Mn-120 Patient Monitor +1
Name of the Vulnerable Software and Affected Versions: Contec Health CMS8000 Patient Monitor (affected versions not specified); Epsimed MN-120 patient monitor (affected versions not specified). Description: The affected product sends out remote access requests to a hard-coded IP address, bypassing...
PT-2025-1790 · Epsimed +1 · Epsimed Mn-120 +1
Name of the Vulnerable Software and Affected Versions: Contec Health CMS8000 Patient Monitor versions smart3250-2.6.27-wlan2.1.7.cramfs; Contec Health CMS8000 Patient Monitor versions CMS7.820.075.08/0.740.75; Contec Health CMS8000 Patient Monitor versions CMS7.820.120.01/0.930.95; Epsimed MN-120...
SolarView Compact 6.00 Code Injection
Title: SolarView Compact 6.00 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 6...
CVE-2023-46509
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component...
Code injection
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component...
PT-2023-6758 · Contec · Contec Solarview Compact
Name of the Vulnerable Software and Affected Versions: Contec SolarView Compact versions 6.0 and earlier. Description: The issue is related to incorrect code generation management in the texteditor.php component of the Contec SolarView Compact software, which can allow an attacker to execute...
CVE-2023-46509
CVE-2023-46509 affects Contec SolarView Compact 6.0 and earlier. The vulnerability is in the texteditor.php component due to incorrect code-generation management, enabling a remote attacker to execute arbitrary code. Impact is reported as arbitrary code execution; no exploit details are provided ...