ICSMA-25-030-01 · Published 2025-02-25
Contec Health CMS8000 Patient Monitor (Update A)
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would allow them to write arbitrary data, resulting in remote code execution. The device may also leak patient information and sensor data to the same unknown external network. Simultaneous exploitation of all vulnerable devices on a shared network is possible.
Remediations
- Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.
- If asset owners cannot remove the devices from their networks, users should block 202.114.4.0/24 from their networks, or block 202.114.4.119 and 202.114.4.120.
- Please note that this device may be re-labeled and sold by resellers. For a list of known re-labeled devices, please refer to FDA's safety communication.
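One way to confirm the block is effective and to locate devices (including re-labeled ones) that contact the addresses above, as an added example that is not part of the advisory. The flow-log layout (time,src,dst,action), the internal addresses and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Network and hosts named in the advisory's remediation.
BLOCKED_NET = ipaddress.ip_network("202.114.4.0/24")
NAMED_HOSTS = {ipaddress.ip_address(a) for a in ("202.114.4.119", "202.114.4.120")}

# Constructed flow records; the layout (time,src,dst,action) is an assumption.
SAMPLE_FLOWS = """\
2025-02-25T08:00:01Z,10.20.5.14,202.114.4.119,allow
2025-02-25T08:00:03Z,10.20.5.14,10.20.1.2,allow
2025-02-25T08:00:09Z,10.20.5.31,202.114.4.120,deny
2025-02-25T08:01:12Z,10.20.7.8,202.114.40.5,allow
2025-02-25T08:02:40Z,10.20.5.31,202.114.4.77,allow
not,a,valid,line
"""

def parse_flow(line):
    """Return (src, dst, action), or None for a malformed record."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), parts[3].lower())
    except ValueError:
        return None

def audit(flow_text):
    """Map each source address to its contacts with the advisory's network."""
    findings = defaultdict(list)
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, action = rec
        # Prefix match, not string match: 202.114.40.5 is outside the /24.
        if dst in BLOCKED_NET:
            findings[str(src)].append({
                "dst": str(dst),
                "named_host": dst in NAMED_HOSTS,
                "block_missing": action != "deny",
            })
    return dict(findings)

def unblocked_sources(findings):
    """Sources with at least one contact the firewall did not deny."""
    return sorted(s for s, hits in findings.items()
                  if any(h["block_missing"] for h in hits))

if __name__ == "__main__":
    for src, hits in audit(SAMPLE_FLOWS).items():
        for h in hits:
            print(src, "->", h["dst"], "NOT BLOCKED" if h["block_missing"] else "blocked")
```

Every source address in the result is a candidate affected monitor; those returned by `unblocked_sources` are also reaching the network without being denied.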
Affected Vendors
Contec Health
Affected Products (4)
- Contec Health · CMS8000 Patient Monitor Firmware: smart3250-2.6.27-wlan2.1.7.cramfs
- Contec Health · CMS8000 Patient Monitor Firmware: CMS7.820.075.08/0.74(0.75)
- Contec Health · CMS8000 Patient Monitor Firmware: CMS7.820.120.01/0.93(0.95)
- Contec Health · CMS8000 Patient Monitor: vers:all/*
Affected Sectors
Healthcare and Public Health