We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario.
Reserved 2025-01-23 | Published 2025-01-30 | Updated 2025-01-31 | Assigner icscertCWE-359 Exposure of Private Personal Information to an Unauthorized Actor
An anonymous researcher reported these vulnerabilities to CISA.
www.cisa.gov/...vents/ics-medical-advisories/icsma-25-030-01
www.fda.gov/...s-contec-and-epsimed-fda-safety-communication
Support options