Security News > 2025 > January > CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
2025-01-31 13:10
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA
News URL
https://thehackernews.com/2025/01/cisa-and-fda-warn-of-critical-backdoor.html
Related news
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- Patient monitors with backdoor are sending info to China, CISA warns (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-30 | CVE-2025-0626 | The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. | 0.0 |