CyberSecurity news
@www.fda.gov
The FDA and CISA have issued warnings regarding cybersecurity vulnerabilities found in Contec CMS8000 and Epsimed MN-120 patient monitors. These monitors, often used for remote patient care in homes and hospice settings, present potential risks when connected to the internet. The agencies advise users to disconnect these devices from the network where possible.
These vulnerabilities could allow unauthorized access to and manipulation of the devices. CISA discovered a backdoor function with a hard-coded IP address in all analyzed firmware versions of the Contec CMS8000. The identified risks include unauthorized transmission of patient data and remote code execution, and one vulnerability carries a critical CVSS score of 9.8. The monitors display vital patient information, including temperature, heartbeat and blood pressure.
References:
- securityboulevard.com: Security Boulevard article on the vulnerabilities in Contec and Epsimed patient monitors.
- AAKL: Claroty, from yesterday: Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated…
Classification:
- HashTags: #MedicalDeviceSecurity #Contec #Epsimed
- Company: Contec, Epsimed
- Target: Patients using Contec and Epsimed monitors
- Product: Patient monitors
- Feature: Medical device security
- Type: Vulnerability
- Severity: Major