Vulnerability Description
In its default configuration, the Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could leak confidential patient data to any device with that IP address, or to an attacker in a machine-in-the-middle scenario.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01
- https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerab
- https://www.bleepingcomputer.com/news/security/backdoor-found-in-two-healthcare-
- https://www.cisa.gov/resources-tools/resources/contec-cms8000-contains-backdoor
- https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerab
FAQ
What is CVE-2025-0683?
CVE-2025-0683 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to...
How severe is CVE-2025-0683?
CVE-2025-0683 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-0683?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.