
CISA and FDA warn of an important backdoor in the Contec CMS8000 patient monitor

January 31, 2025 | Ravie Lakshmanan | Vulnerability / Healthcare


The US Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts on the existence of a backdoor in the Contec CMS8000 patient monitor and the Epsimed MN-120 patient monitor.

The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw was reported to CISA by anonymous external researchers, along with two other issues.

“The affected product will bypass the existing device network settings and send a remote access request to the hard-coded IP address,” CISA said in an advisory. “This functions as a backdoor so that malicious actors can upload and overwrite files on the device.”


“The reverse backdoor provides automatic connection from the Contec CMS8000 device to the hard-coded IP address so that the device can download and execute unidentified remote files. But a third-party university.”

The two other vulnerabilities identified in the device are listed below:

  • CVE-2024-12248 (CVSS v4 score: 9.3): A vulnerability that allows an attacker to send a specially formatted UDP request, write arbitrary data, and achieve remote code execution
  • CVE-2025-0683 (CVSS v4 score: 8.2): A privacy leakage vulnerability that sends plain-text patient data to the hard-coded public IP address when a patient is attached to the monitor

Successful exploitation of CVE-2025-0683 could allow the device at that unspecified IP address to access confidential patient information, or open the door to an adversary-in-the-middle (AitM) scenario.

The security holes affect the following products:

  • CMS8000 Patient Monitor: Firmware version SMART3250-2.1.1.1.7.crams8000 Patient version CMS7.820.075.08 (0.75)
  • CMS8000 Patient Monitor: Firmware version 7.820.120.01/0.93 (0.9)
  • CMS8000 Patient Monitor: All versions (CVE-2025-0626 and CVE-2025-0683)


“These cyber security vulnerabilities allow unaccepted actors to bypass cyber security controls, acquire access to devices, and potentially operate them,” the FDA said. “Cyber security vulnerabilities or deaths or deaths related to these cyber security vulnerabilities.”

Given that these vulnerabilities are still unresolved, CISA recommends that organizations disconnect and remove Contec CMS8000 devices from their networks. It is worth noting that the device is also re-labeled and sold under the name MN-120.

It is also advised to check patient monitors for signs of abnormal functioning, such as “a contradiction between the displayed vitals of the patient and the patient’s actual physical condition.”
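Because the affected monitors contact a hard-coded address regardless of their configured network settings, flow records can show which units have been talking to anything other than their central station before they are pulled from the network. The Python script below is an added example, not code from CISA, the FDA or the original article; the inventory, flow-record format, addresses and ports are all constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed inventory: each patient monitor's address mapped to the
# central station it is configured to report to (hypothetical values).
MONITORS = {"10.20.5.11": "10.20.1.5", "10.20.5.12": "10.20.1.5"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for unknown external addresses.
SAMPLE_FLOWS = """ts,src,dst,proto,dport,bytes
2025-01-31T08:00:01Z,10.20.5.11,10.20.1.5,tcp,40000,5120
2025-01-31T08:00:04Z,10.20.5.11,203.0.113.77,tcp,50000,18432
2025-01-31T08:00:09Z,10.20.5.12,10.20.1.5,tcp,40000,4096
2025-01-31T08:01:04Z,10.20.5.11,203.0.113.77,tcp,50000,20480
2025-01-31T08:02:30Z,10.20.5.12,10.20.9.40,udp,50001,300
2025-01-31T08:03:00Z,10.20.7.80,198.51.100.9,tcp,443,900
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_unexpected_peers(flow_csv, monitors=MONITORS):
    """Return {(monitor, peer): {"flows", "bytes", "external"}} for every
    destination a monitor contacted other than its configured station."""
    findings = defaultdict(lambda: {"flows": 0, "bytes": 0, "external": False})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = row["src"], row["dst"]
        if src not in monitors or dst == monitors[src]:
            continue  # not a monitor, or traffic to its configured station
        entry = findings[(src, dst)]
        entry["flows"] += 1
        entry["bytes"] += int(row["bytes"])
        entry["external"] = not is_internal(dst)
    return dict(findings)

if __name__ == "__main__":
    hits = find_unexpected_peers(SAMPLE_FLOWS)
    # List external peers first: those are the ones to escalate.
    for (src, dst), f in sorted(hits.items(), key=lambda kv: not kv[1]["external"]):
        level = "EXTERNAL" if f["external"] else "internal"
        print(f"{src} -> {dst} [{level}] flows={f['flows']} bytes={f['bytes']}")
```

A monitor with any peer flagged as external warrants isolation and a review of what was sent; unexpected internal peers are lower priority but still worth explaining.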

The CMS8000 patient monitor is manufactured by Contec Medical Systems, a medical device developer based in Qinhuangdao, China. Its website claims that the product has already been approved by the FDA and is distributed to more than 130 countries and regions.
