CVE-2024-12248
CRITICAL EXPLOITED
Contec Health CMS8000 Patient Monitor - Memory Corruption
Title source: llm
Exploitation Summary
CVE-2024-12248 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.
References (2)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01
Scores
CVSS v3: 9.8
EPSS: 0.0119
EPSS Percentile: 64.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
VulnCheck KEV: 2026-01-20
CWE: CWE-787
Status: published
Products (3)
Contec Health/CMS8000 Patient Monitor: Firmware version CMS7.820.075.08/0.74(0.75)
Contec Health/CMS8000 Patient Monitor: Firmware version CMS7.820.120.01/0.93(0.95)
Contec Health/CMS8000 Patient Monitor: Firmware version smart3250-2.6.27-wlan2.1.7.cramfs
Published: Jan 30, 2025
Tracked Since: Feb 18, 2026