ICSMA-22-244-01 · Published 2025-01-30
Contec Health CMS8000 Patient Monitor (Update A)
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow a threat actor to cause a denial-of-service condition, modify firmware with physical access to the device, access a root shell, or employ hard-coded credentials to make configuration changes.
Remediations
- Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.
Affected Vendors
Contec Health
Affected Products (3)
- Contec Health · CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor · <=smart3250-2.6.27-wlan2.1.7.cramfs
- Contec Health · CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor · <=CMS7.820.075.08/0.740.75
- Contec Health · CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor · <=CMS7.820.120.01/0.930.95
Affected Sectors
Healthcare and Public Health