Contec Health CMS8000
CVE-2022-38069

4.3MEDIUM

Key Information:

Vendor: Contec Health
Status: Cms8000 Contec Icu Ccu Vital Signs Patient Monitor
Vendor: CVE Published:; 13 September 2022

🔔 Create Contec Health Vulnerability Alert

What is CVE-2022-38069?

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters

Affected Version(s)

CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor All

References

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Aug 29, 2022

Credit

Level Nine reported these vulnerabilities to CISA.