Data Transmission Vulnerability in Medical Monitoring Systems by CISA
CVE-2025-0683
8.2 HIGH
What is CVE-2025-0683?
In its default configuration, the medical monitoring system transmits patient data in plain text to a hard-coded public IP address. This creates a risk that confidential patient information is intercepted by unauthorized devices or by attackers in a man-in-the-middle attack. Such interception could lead to severe privacy violations, so organizations should assess their configurations and protect patient data adequately.
Affected Version(s)
CMS8000 Patient Monitor: All versions
News Articles

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Unpatched vulnerabilities in Contec CMS8000 patient monitors expose devices to remote access, file overwrites, and data leaks.
CVSS V4
Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved
Credit
An anonymous researcher reported these vulnerabilities to CISA.