The US Cyber Security and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) issued an alert about the presence of the functionality hidden in the Contec CMS8000 patient monitor and EPSIMED MN-120 patient monitor.
Pulpy, tracked as Cve-2025-0626The CVSS V4 of 7.7 score at a scale of 10.0. The blame with two other issues, CISA was informed by an anonymous external researcher.
Sisa said in an advisor, “The affected product sends remote access requests to a hard-coded IP address, bypassing the existing device network settings to do so.” “It can act as a back door and be able to upload and transfers a malicious actor to upload and over -overflow files on the device.”
“Reverse Backdoor Contec CMS8000 devices provide automatic connectivity for a hard-coded IP address, allowing the device to download and execute unproven remote files. Publicly available records that IP address is a medical device. The manufacturer or medical facility is not associated with a third-party university. “
Two other identified weaknesses in devices are listed below –
- Cve-2024-12248 (CVSS V4 Score: 9.3)-An out-of-bounds have written vulnerability that may allow an attacker to send a specially formatted UDP request to write arbitrary data, resulting
- Cve-2025-0683 (CVSS V4 Score: 8.2)-A privacy leakage vulnerability that causes a simple-coded public data to be sent to a hard-coded public IP address when the patient is connected to the monitor
The successful exploitation of the CVE-2025-0683 may allow the device to get information from the confidential patient with that unspecified IP address or to open the door for an anti-in-in-media landscape.
Security holes affect the following products –
- CMS8000 Patient Monitor: Firmware Edition Smart3250-2.6.27- Wlan2.1.7.Cramfs
- CMS8000 patient monitor: firmware version CMS7.820.075.08/0.74 (0.75)
- CMS8000 patient monitor: firmware version CMS7.820.01/0.93 (0.95)
- CMS8000 Patient Monitor: All Editions (CVE-2025-0626 and CVE-2025-0683)
The FDA said, “These cyber security weaknesses can allow unauthorized actors to bypass cyber security controls, manipulate the device potentially, and manipulate them potentially,” at this time any cyber security incidents, injuries or Do not know about deaths. ,
Given that these weaknesses are unpublished, CISA recommends the organization to unplug and remove any Contec CMS8000 equipment from its network. It is worth noting that the equipment is re -labeled and sold as the appsimed MN -120.
It is also advised to monitor the patient for any signal of unusual functioning, such as “discrepancies between the patient Vital and the actual physical condition of the patient.”
The CMS8000 patient monitor is produced by the Contec Medical System, a developer of medical devices located in Kinhuangadao, China. On its website, the company claims that its products are FDA-edited and are distributed in more than 130 countries and regions.
