PT-2025-4002 · Contec Health · Contec Health Cms8000 Patient Monitor
Published: 2025-01-23 · Updated: 2025-02-01
CVE-2025-0683
CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Contec Health CMS8000 Patient Monitor version
Description
The issue involves the transmission of plain-text patient data to a hard-coded public IP address when a patient is connected to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario.
Recommendations
Contec Health CMS8000 Patient Monitor version : Update the configuration to encrypt patient data transmission and avoid using hard-coded public IP addresses.
Affected Products
Contec Health Cms8000 Patient Monitor