Summary: The US cybersecurity agency CISA and the FDA have urged healthcare organizations to remove Contec CMS8000 patient monitors from their networks because of severe cybersecurity risks, including remote code execution and tampering with the device. Flaws in the device's firmware could give an attacker unauthorized access and allow patient data to be exfiltrated, which threatens patient privacy and, if monitor readings are altered, patient safety. Multiple security flaws have been identified, and no software patch is available for any of them.
Affected: Contec Medical Systems (CMS8000 patient monitor) and healthcare organizations in the US that operate the device; the warnings were issued by CISA and the FDA.
Keypoints:
- Contec CMS8000 monitors contain vulnerabilities allowing remote attackers to execute arbitrary code and modify configurations.
- Three significant vulnerabilities have been assigned CVEs; the most severe scores 9.3 on the CVSS scale, which falls in the critical range.
- No software patches are available for these vulnerabilities, so users are advised to disconnect the devices from the internet and remove them from their networks rather than wait for a fix.
Source: https://www.securityweek.com/cisa-fda-warn-of-dangerous-backdoor-in-contec-patient-monitors/