OTPulse

Contec Health CMS8000 Patient Monitor (Update A)

Monitor · 7.5 · ICS-CERT ICSMA-22-244-01 · Sep 1, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Contec CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor contains multiple security vulnerabilities (CWE-1263, CWE-770, CWE-798, CWE-489, CWE-419) that allow denial-of-service conditions, firmware modification with physical access, unauthorized root shell access, and exploitation of hard-coded credentials for unauthorized configuration changes. All identified firmware versions (smart3250-2.6.27-wlan2.1.7.cramfs and all CMS7 versions) are affected with no vendor patches available.

What this means
What could happen
An attacker with physical access to the CMS8000 patient monitor could modify its firmware, gain root shell access, or use hard-coded credentials to reconfigure the device, potentially disrupting critical patient monitoring during ICU/CCU operations.
Who's at risk
ICU and CCU units relying on Contec CMS8000 patient monitors for continuous vital sign monitoring should be aware that these devices contain vulnerabilities that could be exploited by anyone with physical access to modify device behavior or interrupt monitoring capability.
How it could be exploited
An attacker with physical access to the device could exploit weak firmware protections or hard-coded credentials embedded in the system to gain elevated access. The attacker could then modify firmware, reconfigure device settings, or cause service disruption, affecting real-time patient vital sign monitoring in the ICU/CCU environment.
Prerequisites
  • Physical access to the CMS8000 device
  • Knowledge of hard-coded credentials or ability to exploit weak firmware validation mechanisms
  • No patch available (end-of-life product)
  • Hard-coded credentials present
  • Affects safety/clinical monitoring systems
  • Firmware modification possible
  • Multiple vulnerability types (weak credential management, resource exhaustion, lack of authentication)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 pending
Product | Affected Versions | Fix Status
CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor | ≤ smart3250-2.6.27-wlan2.1.7.cramfs | No fix yet
CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor | ≤ CMS7.820.075.08/0.740.75 | No fix yet
CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor | ≤ CMS7.820.120.01/0.930.95 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Remove Contec CMS8000 devices from clinical networks per FDA recommendation
HARDENING: If CMS8000 devices must remain in service, isolate them behind firewalls and restrict access from business/IT networks
HARDENING: Perform impact analysis on patient care workflows and identify replacement patient monitoring solution before removal
Long-term hardening
HARDENING: Implement physical security controls to restrict direct access to CMS8000 devices in ICU/CCU areas