PT-2025-1790 · Contec Health+1 · Contec Health Cms8000 Patient Monitor+1

Published: 2024-12-05 · Updated: 2025-02-11 · CVE-2024-12248

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Contec Health CMS8000 Patient Monitor versions smart3250-2.6.27-wlan2.1.7.cramfs
Contec Health CMS8000 Patient Monitor versions CMS7.820.075.08/0.74(0.75)
Contec Health CMS8000 Patient Monitor versions CMS7.820.120.01/0.93(0.95)
Epsimed MN-120 (affected versions not specified)

Description

The issue is related to an out-of-bounds write in the software of medical devices used for patient monitoring. This could allow a remote attacker to send specially formatted UDP requests to write arbitrary data, potentially resulting in remote code execution, unauthorized access to protected information, or full control over the device.

Recommendations

For Contec Health CMS8000 Patient Monitor version smart3250-2.6.27-wlan2.1.7.cramfs, update the firmware to a version that fixes the out-of-bounds write issue.
For Contec Health CMS8000 Patient Monitor version CMS7.820.075.08/0.74(0.75), update the firmware to a version that fixes the out-of-bounds write issue.
For Contec Health CMS8000 Patient Monitor version CMS7.820.120.01/0.93(0.95), update the firmware to a version that fixes the out-of-bounds write issue.
For Epsimed MN-120, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-01124
CVE-2024-12248

Affected Products

Contec Health Cms8000 Patient Monitor
Epsimed Mn-120