CVE-2025-1204
Severity: HIGH
Contec Health CMS8000 Patient Monitor - Unauthenticated Arbitrary File Write via Hardcoded Update IP
Title source: llm
Description
The "update" binary in the firmware of the affected product sends mount attempts to a hard-coded, routable IP address, bypassing the device's existing network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device.
References (2)
Core References
Various Sources (third-party-advisory): https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated?ref=vault33.org
Third Party Advisory, US Government Resource (government-resource): https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01
Scores
CVSS v4: 7.7
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0045
EPSS Percentile: 35.3%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-912
Status: published
Products (1): Contec Health/CMS8000 Patient Monitor
Published: Feb 25, 2025
Tracked Since: Feb 18, 2026