{"uuid": "ef590220-936b-4bad-a04d-fea5234fae47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware", "description": "CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE \u2013 912: Hidden Functionality\n(CVE-2025-0626), and functionality that enables patient data spillage, CWE \u2013 359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683\n\n), exists in all versions analyzed.\n\nPlease note the Contec CMS8000 may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA\u2019s safety communication, Cybersecurity Vulnerabilities with Certain Patient Monitors from Contec and Epsimed: FDA Safety Communication.\n\nContec Medical Systems, the company which manufactures this monitor as well as other medical device and healthcare solutions, is headquartered in Qinhuangdao, China. The Contec CMS8000 is used in medical settings across the U.S. and European Union to provide continuous monitoring of a patient\u2019s vital signs\u2014tracking electrocardiogram, heart rate, blood oxygen saturation, non-invasive blood pressure, temperature, and respiration rate. CISA assesses that inclusion of this backdoor in the firmware of the patient monitor can create conditions which may allow remote code execution and device modification with the ability to alter its configuration. This introduces risk to patient safety as a malfunctioning patient monitor could lead to an improper response to patient vital signs.\n\nCISA strongly urges HPH sector organizations review the fact sheet and implement FDA's mitigations. Visit CISA\u2019s Healthcare and Public Health Cybersecurity page to learn more about how to help improve cybersecurity within the HPH sector. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA\u2019s Cross-Sector Cybersecurity Performance Goals.\n\n[Reference](https://www.cisa.gov/news-events/alerts/2025/01/30/cisa-releases-fact-sheet-detailing-embedded-backdoor-function-contec-cms8000-firmware)", "creation_timestamp": "2025-01-31T14:10:50.910125+00:00", "timestamp": "2025-01-31T14:10:50.910125+00:00", "related_vulnerabilities": ["CVE-2025-0683", "CVE-2025-0626"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}