OTPulse

NIHON KOHDEN Central Monitor CNS-6201

Monitor · 7.5 · ICS-CERT ICSMA-25-296-01 · Oct 23, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A null pointer dereference vulnerability (CWE-476) in the NIHON KOHDEN Central Monitor CNS-6201 allows a remote attacker without authentication to cause a denial-of-service condition by sending a specially crafted network packet. The affected versions (01-03, 01-04, 01-05, 01-06, 02-10, 02-11, 02-40) are no longer supported; maintenance ended in September 2024 in the United States and earlier in other regions. The vulnerability carries a CVSS score of 7.5 (high) and affects patient monitoring availability in hospital environments.

What this means
What could happen
An attacker with network access could remotely crash the CNS-6201 central monitor, causing it to stop displaying patient vital signs and alarm data. Recovery requires manual intervention, leaving the unit unavailable during an active incident.
Who's at risk
Hospital and healthcare facilities operating NIHON KOHDEN CNS-6201 central monitors. This device aggregates and displays patient vital signs (heart rate, blood pressure, SpO2, etc.) for bedside and remote monitoring. Any organization still using end-of-life versions (01-03 through 02-40) is at risk of losing critical patient data visibility.
How it could be exploited
An attacker with network access to the CNS-6201 sends a specially crafted network request that triggers a null pointer dereference in the monitor's software, causing the application to crash and become unresponsive.
Prerequisites
  • Network access to the CNS-6201 device
  • No authentication required
  • No special configuration needed
remotely exploitable · no authentication required · low complexity · no patch available · affects safety systems · end-of-life product
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (7)
7 EOL
Product | Affected Versions | Fix Status
Central Monitor CNS-6201: 01-04 | 01-04 | No fix (EOL)
Central Monitor CNS-6201: 01-05 | 01-05 | No fix (EOL)
Central Monitor CNS-6201: 01-06 | 01-06 | No fix (EOL)
Central Monitor CNS-6201: 02-10 | 02-10 | No fix (EOL)
Central Monitor CNS-6201: 02-11 | 02-11 | No fix (EOL)
Central Monitor CNS-6201: 02-40 | 02-40 | No fix (EOL)
Central Monitor CNS-6201: 01-03 | 01-03 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate the CNS-6201 from the Internet and all untrusted networks
  • HARDENING: Implement a firewall or router between the CNS-6201 network and other hospital systems (HIS), allowing only minimum necessary traffic
  • WORKAROUND: Deploy bedside monitors or medical telemetry systems as redundant vital sign displays to ensure patient monitoring capability if the CNS-6201 fails
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor all network traffic reaching the CNS-6201 and log suspicious connection attempts
  • HARDENING: If remote access is required, use a VPN to secure the connection and keep it updated to the latest version
Long-term hardening
  • HOTFIX: Plan migration to a successor CNS product that is actively supported by NIHON KOHDEN
API: /api/v1/advisories/b9675016-8569-47eb-9a5f-536a435aa08a