CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

Jan 31, 2025Ravie LakshmananVulnerability / Healthcare

The Food and Drug Administration (FDA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about hidden functionality found in the Contec CMS8000 and Epsimed MN-120 patient monitors.

The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA by an unnamed external researcher.

According to an expert from CISA, “The damaged goods sends remote entry requests to a hard-coded Internet address, bypassing existing gadget network settings.” As a result, a malicious actor might be able to upload and overwrite files on the device.

The reverse backdoor provides automated connectivity from the Contec CMS8000 to a hard-coded IP address, which allows the device to download and execute unverified remote files. According to publicly available records, the IP address is not associated with a medical device manufacturer or a healthcare facility but with a third-party university.

Two additional vulnerabilities found in the devices are listed below.

  • CVE-2024-12248 (CVSS v4 score: 9.3) - An out-of-bounds write vulnerability that could allow an attacker to send specially formatted UDP requests in order to write arbitrary data, resulting in remote code execution

  • CVE-2025-0683 (CVSS v4 score: 8.2) - A privacy leakage vulnerability that causes plain-text patient data to be transmitted to a hard-coded public IP address when the patient is attached to the monitor

Successful exploitation of CVE-2025-0683 could allow the device at that unspecified IP address to gain access to confidential patient information, or open the door to an adversary-in-the-middle (AitM) scenario.
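Because both the backdoor and the data leak involve monitors contacting a hard-coded public address regardless of local network settings, unexpected egress from the monitor network segment is the observable signal. The following is an added example, not code from CISA, the FDA or the vendor; the subnet, the allowlist, the flow-record format and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (hypothetical site values, not taken from the advisory):
MONITOR_SUBNET = ipaddress.ip_network("10.20.30.0/24")  # patient-monitor VLAN
ALLOWED_DESTS = {ipaddress.ip_address(a) for a in ("10.20.0.5", "10.20.0.10")}

# Constructed flow records: "timestamp src dst proto dport bytes".
# External addresses are RFC 5737 documentation ranges, not real indicators.
SAMPLE_FLOWS = """\
2025-01-31T10:00:01Z 10.20.30.11 10.20.0.5 tcp 6000 1200
2025-01-31T10:00:02Z 10.20.30.11 203.0.113.7 tcp 8000 48210
2025-01-31T10:00:03Z 10.20.30.12 10.20.0.10 udp 123 76
2025-01-31T10:00:04Z 10.20.40.9 198.51.100.2 tcp 443 900
2025-01-31T10:00:05Z 10.20.30.12 203.0.113.7 udp 9000 312
2025-01-31T10:00:06Z 10.20.30.11 203.0.113.7 tcp 8000 5120
malformed line
"""

def find_unexpected_egress(flow_text):
    """Aggregate monitor flows whose destination is not on the allowlist."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "ports": set()})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        _, src, dst, proto, dport, nbytes = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            size = int(nbytes)
        except ValueError:
            continue
        if src_ip not in MONITOR_SUBNET or dst_ip in ALLOWED_DESTS:
            continue  # not a monitor, or an expected destination
        entry = hits[(src, dst)]
        entry["flows"] += 1
        entry["bytes"] += size
        entry["ports"].add(f"{proto}/{dport}")
    return dict(hits)

def shared_destinations(hits, min_devices=2):
    """Destinations reached by several monitors: the pattern a hard-coded address leaves."""
    by_dst = defaultdict(set)
    for src, dst in hits:
        by_dst[dst].add(src)
    return {d: sorted(s) for d, s in by_dst.items() if len(s) >= min_devices}

if __name__ == "__main__":
    found = find_unexpected_egress(SAMPLE_FLOWS)
    for (src, dst), e in sorted(found.items()):
        print(f"{src} -> {dst} flows={e['flows']} bytes={e['bytes']} ports={sorted(e['ports'])}")
    print("shared:", shared_destinations(found))
```

The check uses an explicit allowlist rather than a public/private address test, so any destination the monitors are not expected to reach is reported.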

The security flaws affect the following products:

  • CMS8000 Patient Monitor: Device type smart3250-2.6.27-wlan2.1.7.cramfs
  • CMS8000 Patient Monitor: Firmware version CMS7.820.075.08/0.74 (0.75)
  • CMS8000 Patient Monitor: Firmware version CMS7.820.120.01/0.93 (0.95)
  • CMS8000 Patient Monitor: All versions (CVE-2025-0626 and CVE-2025-0683)

The FDA said, “These cybersecurity risks may allow unauthorized stars to bypass security controls, gain access to and potentially manipulate the device,” adding that it is “not aware of any security incidents, injuries, or deaths related to these security vulnerabilities at this time.”

CISA advises organizations to remove and replace any Contec CMS8000 devices from their networks because these vulnerabilities are still unpatched. It is also worth noting that the devices are re-labeled and sold under the name Epsimed MN-120.

Additionally, it’s advised to check the patient monitors for any signs of unusual functioning, such as “inconsistencies between the displayed individual vitals and the patient’s true physical state.”

The CMS8000 Patient Monitor is manufactured by Contec Medical Systems, a maker of medical equipment located in Qinhuangdao, China. On its website, the company says its products are FDA-approved and distributed to over 130 countries and regions.
