We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-0683

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor



Description

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario.

Reserved 2025-01-23 | Published 2025-01-30 | Updated 2025-01-31 | Assigner icscert


HIGH: 8.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

Product status

Default status
unaffected

All versions
affected

Credits

An anonymous researcher reported these vulnerabilities to CISA. finder

References

www.cisa.gov/...vents/ics-medical-advisories/icsma-25-030-01

www.fda.gov/...s-contec-and-epsimed-fda-safety-communication

cve.org (CVE-2025-0683)

nvd.nist.gov (CVE-2025-0683)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2025-0683

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.