Vulnerabilities > CVE-2022-38100 - Unspecified vulnerability in Contechealth Cms8000 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

contechealth

NVD

Published: 2022-09-13

Updated: 2023-07-21

Summary

The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network.

Vulnerable Configurations

Part	Description	Count
OS	Contechealth Contechealth Cms8000 Firmware -	1
Hardware	Contechealth Contechealth Cms8000 -	1

References

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01