Agency for cybersecurity and infrastructure of the US (CISA) and the nutrition and medication administration (FDA) issued alerts for hidden functionality in Contec CMS8000 Patient monitors and Epsimed MN-320 patients monitors.
A vulnerabilitytracked as Cve-2025-0626Carries CVSS V4 7.7 on a scale of 10.0. The disadvantage, along with the two other issues, was reported by CISA anonymous external researchers.
“The affected product sends requests to distant access to the hard coded IP address, bypassing the settings of the device,” Cisa – Note In advisory. “This may be the reversible and cause the malicious actor to download and overwrite the files on the device.”
“The reverse back provides an automated connection to a solid coded IP address from the CMS8000 devices, which allows the device to download and make unverified deleted files. Publicly available records indicate that the IP address is not related to the manufacturer of medical products or medical facilities but a third university” .
Below are two more identified vulnerabilities in devices – given below –
- Cve-2014-12248 (CVSS V4 Assessment: 9.3)-Connected vulnerability that can allow the attacker to send specially formatted UDP requests to write arbitrary data, which will lead to a remote code
- Cve-2025-0683 (CVSS V4 Assessment: 8.2) —The difference of privacy leakage that causes a patient’s transfer to a simple text to a hard coded IP address when the patient is attached to the monitor
Successful Operation CVE-2025-0683 can allow the device with this uncertain IP address to access confidential information about patients or open the door for the enemy on average (AITM) scenario.
Safe holes affect the following products –
- CMS8000 Patient Monitor: Smart3250-2.27-Wlan2.1.7.cramfs version
- CMS8000 Patient Monitor: CMS7.820.075/0.74 firmware version (0.75)
- CMS8000 Patient Monitor: CMS7.820.120.01/0.93 Firmware version (0.95)
- CMS8000 Patient Monitor: All versions (Cve-2025-0626 and Cve-2025-0683)
“These vulnerabilities in cybersecurity can allow unauthorized subjects to bypass cybersecurity, accessing and potentially manipulating,” FDA – NoteAdded that “not knowing about the incidents in cybersecurity, injuries or deaths related to cybersecurity.”
Considering that these vulnerabilities remain unwavering, CISA recommends organizations to disable and delete any CMS8000 device devices from their networks. It is worth noting that the devices are also reinterpreted and sold under the name EPSimed MN-1220.
It is also recommended to check the patients’ monitors for signs of unusual functioning, such as “mismatch between the patients and the patient’s real physical condition.”
CMS8000 Monitor Monitor is made by Contec Medical Systems, the developer of medical products in China, China, Kinhuangdo. On your site, company claim Its products have been approved by FDA and extended to more than 130 countries and regions.
