CVE-2025-0683
published 2025-01-30CVE-2025-0683: In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is…
PriorityP179medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.76%
50.8th percentile
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text
patient data to a hard-coded public IP address when a patient is hooked
up to the monitor. This could lead to a leakage of confidential patient
data to any device with that IP address or an attacker in a
machine-in-the-middle scenario.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contec_health | cms8000_patient_monitor | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor outbound network traffic from Contec Health CMS8000 Patient Monitor devices for unencrypted (plain-text) patient data transmissions to unexpected or hard-coded external public IP addresses. ↗
- →Inspect network traffic for machine-in-the-middle scenarios involving CMS8000 devices, particularly unencrypted data flows destined for a hard-coded external IP. ↗
- ·The vulnerable behavior is present in the default configuration of the device — no special setup is required for exploitation. ↗
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.08.2HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck8.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h39w-8pq5-8qh2: In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to
ghsa_unreviewed·2025-01-30
CVE-2025-0683 [HIGH] CWE-359 GHSA-h39w-8pq5-8qh2: In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to
In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario.
VulnCheck
Exposure of Private Personal Information to an Unauthorized Actor
vulncheck·2025·CVSS 8.2
CVE-2025-0683 [HIGH] Exposure of Private Personal Information to an Unauthorized Actor
Exposure of Private Personal Information to an Unauthorized Actor
In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text
patient data to a hard-coded public IP address when a patient is hooked
up to the monitor. This could lead to a leakage of confidential patient
data to any device with that IP address or an attacker in a
machine-in-the-middle scenario.
Affected: Contec Health CMS8000 Patient Monitor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-2025; https://www.trellix.com/assets/reports/trellix-healthcare-cybersecurity-threat-intelligence-r
No detection rules found.
No public exploits indexed.
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communicationhttps://www.bleepingcomputer.com/news/security/backdoor-found-in-two-healthcare-patient-monitors-linked-to-ip-in-china/https://www.cisa.gov/resources-tools/resources/contec-cms8000-contains-backdoorhttps://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication
2025-01-30
Published
Exploited in the wild