Vulnerabilities > CVE-2022-36385 - Unspecified vulnerability in Contechealth Cms8000 Firmware

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

contechealth

NVD

Published: 2022-09-13

Updated: 2022-09-15

Summary

A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.

Vulnerable Configurations

Part	Description	Count
OS	Contechealth Contechealth Cms8000 Firmware -	1
Hardware	Contechealth Contechealth Cms8000 -	1

References

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01