Contec Health CMS8000
CVE-2022-3027

5.7 MEDIUM

Key Information:

Vendor
CVE Published:
1 September 2022

What is CVE-2022-3027?

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name that includes non-standard characters; when the device attempts to connect to the malicious SSID, it can be exploited to write arbitrary files or display incorrect information.

Affected Version(s)

CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor: All

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Level Nine reported these vulnerabilities to CISA.