PT-2025-7902 · Contec Health · Contec Health Cms8000 Patient Monitor

Published: 2025-02-25 · Updated: 2025-03-08 · CVE-2025-1204

CVSS v4.0: 7.7 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Contec Health - CMS8000 Patient Monitor (affected versions not specified)

Description

The "update" binary in the firmware of the affected product issues mount attempts to a hard-coded, routable IP address, bypassing the device's existing network settings. This function is triggered if the 'C' button is pressed at a specific time during the boot process. If an attacker can control or impersonate this IP address, they could upload and overwrite files on the device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Hidden Functionality

Related Identifiers

CVE-2025-1204

Affected Products

Contec Health Cms8000 Patient Monitor