CVE-2025-0683:
Vulnerability in Contec Health CMS8000 Patient Monitor where, in default configuration, it transmits plain-text patient data to a hard-coded public IP address, potentially exposing confidential information to unauthorized actors or during MITM interception.
Score
A numerical rating that indicates how dangerous this vulnerability is.
5.9 Medium
- Published Date: Jan 30, 2025
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.2
- EPSS Percentile: 36%
Exploitability
- Score: 2.2
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 3.6
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
Overview
This CVE describes a network-exposed data disclosure vulnerability in the Contec Health CMS8000 Patient Monitor. When a patient is connected, the device sends unencrypted patient data to a hard-coded public IP address, so the data can leak to anyone who can reach that address or to an attacker conducting a man-in-the-middle attack on the network. The issue requires no user interaction and does not grant privileges; it puts patient confidentiality at risk across all versions. Regulatory bodies have issued advisories urging immediate action, including removing such devices from networks and reviewing device labeling to identify re-labeled units.
Remediation
- Immediately remove any Contec CMS8000 devices from networks per FDA guidance and related CISA advisories.
- If the device must remain temporarily online, isolate it on a segregated network with strict access controls and monitor all outbound traffic, especially connections to the hard-coded IP.
- Review FDA safety communications and CISA advisories for current mitigations and guidance; verify whether devices are re-labeled and identify affected inventory.
- Engage with the vendor (Contec Health) for any available mitigations, firmware updates, or recommended configuration changes; document any vendor guidance and planned decommissioning.
- Plan for replacement with more secure devices and implement network segmentation and ongoing security monitoring to limit exposure from any legacy devices.
- Update incident response and risk management documentation; ensure clinical staff are informed about the risk and containment steps.
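For the temporary-isolation step above, one way to review outbound traffic from the segregated monitor network is sketched below. This is an added example, not code from the advisories or the vendor. The subnet, the approved destination, the log format and the sample records are all constructed assumptions, and the watchlist entry is a documentation-range placeholder for the hard-coded IP, which this page does not give.

```python
import ipaddress

# All addresses below are assumptions for illustration; replace with site values.
MONITOR_NET = ipaddress.ip_network("10.50.20.0/24")   # isolated monitor VLAN
ALLOWED = [ipaddress.ip_network("10.50.1.10/32")]     # approved central station
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Placeholder (documentation range) standing in for the advisory's hard-coded IP.
WATCHLIST = {ipaddress.ip_address("203.0.113.45")}

# Constructed flow records: timestamp src dst dport action
SAMPLE_LOG = """\
2025-02-03T08:00:01Z 10.50.20.11 10.50.1.10 6000 ALLOW
2025-02-03T08:00:04Z 10.50.20.11 203.0.113.45 9000 DENY
2025-02-03T08:00:09Z 10.50.20.12 198.51.100.7 443 ALLOW
2025-02-03T08:00:12Z 10.50.20.12 10.60.3.4 445 DENY
2025-02-03T08:00:15Z 10.70.1.5 198.51.100.7 443 ALLOW
truncated-line 10.50.20.11
"""

def classify(dst):
    """Return a finding type for a destination, or None if it is approved."""
    if dst in WATCHLIST:
        return "watchlist"
    if any(dst in net for net in ALLOWED):
        return None
    if any(dst in net for net in INTERNAL):
        return "internal-unapproved"
    return "external"

def find_violations(log_text):
    """List flows from the monitor VLAN to anything outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed or truncated records
        ts, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if src_ip not in MONITOR_NET:
            continue  # only flows that originate from the monitors matter here
        kind = classify(dst_ip)
        if kind:
            findings.append((ts, src, dst, int(dport), action, kind))
    return findings

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_LOG):
        print(*finding)
```

Denied flows are reported as well as allowed ones, because a blocked attempt still shows that a device on the segment is trying to send data off the isolated network.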
References
- [ICS Advisory ICSMA-25-030-01 – Exposure of Private Personal Information vulnerability in Contec CMS8000 Patient Monitor](https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01)
- [FDA Safety Communication – Cybersecurity vulnerabilities in certain patient monitors (Contec and EPSIMed)](https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication)
- [CISA – Contec CMS8000 contains backdoor](https://www.cisa.gov/resources-tools/resources/contec-cms8000-contains-backdoor)
- [BleepingComputer – Backdoor found in two healthcare patient monitors linked to IP in China](https://www.bleepingcomputer.com/news/security/backdoor-found-in-two-healthcare-patient-monitors-linked-to-ip-in-china/)