OTPulse

NIHON KOHDEN Central Monitor CNS-6201

MonitorCVSS 7.5ICS-CERT ICSMA-25-296-01Oct 23, 2025
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The NIHON KOHDEN Central Monitor CNS-6201 contains a null pointer dereference vulnerability (CWE-476) that can be exploited remotely without authentication to cause a denial-of-service condition. Affected versions include 01-03, 01-04, 01-05, 01-06, 02-10, 02-11, and 02-40. The vendor has ended maintenance support for this product as of September 2024 in the United States and earlier in other regions, and no patches will be released. The vulnerability could prevent the monitor from displaying patient vital signs.

What this means
What could happen
An attacker could cause the NIHON KOHDEN Central Monitor CNS-6201 to become unresponsive or crash, disrupting patient monitoring in a hospital and potentially affecting clinical care decisions.
Who's at risk
Hospitals and healthcare facilities relying on NIHON KOHDEN Central Monitor CNS-6201 for patient vital sign monitoring. This includes intensive care units (ICUs), operating rooms, emergency departments, and any patient care area using this centralized patient monitoring system. The affected device is used for continuous display and trending of patient data from multiple bedside monitors.
How it could be exploited
An attacker with network access to the CNS-6201 can send a specially crafted network packet that triggers a null pointer dereference (CWE-476), causing the monitor to crash or hang and cease displaying patient vital signs.
Prerequisites
  • Network access to the Central Monitor CNS-6201
  • No authentication required
Remotely exploitableNo authentication requiredLow complexity attackNo patch availableAffects safety-critical medical deviceEnd-of-life product
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (7)
7 EOL
ProductAffected VersionsFix Status
Central Monitor CNS-6201: 01-0401-04No fix (EOL)
Central Monitor CNS-6201: 01-0501-05No fix (EOL)
Central Monitor CNS-6201: 01-0601-06No fix (EOL)
Central Monitor CNS-6201: 02-1002-10No fix (EOL)
Central Monitor CNS-6201: 02-1102-11No fix (EOL)
Central Monitor CNS-6201: 02-4002-40No fix (EOL)
Central Monitor CNS-6201: 01-0301-03No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGIsolate the CNS-6201 from the Internet and block access from untrusted networks using firewalls or network segmentation
HARDENINGIf HIS integration is required, deploy a boundary firewall or router between the monitoring network and other networks, allowing only necessary traffic
HARDENINGEnable network monitoring and logging on all traffic to the CNS-6201 to detect suspicious access attempts
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

WORKAROUNDImplement redundant monitoring using bedside monitors or medical telemetry systems as backup in case CNS-6201 becomes unavailable
View full CISA ICS-CERT advisory
API: /api/v1/advisories/b9675016-8569-47eb-9a5f-536a435aa08a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.