CISA has identified a backdoor in Contec CMS8000 devices that could allow unauthorized access to patient data and disrupt ...

Functionality in the device firmware sends patient data to a hardcoded IP address that also downloads and executes binary ...

On Jan. 30, The Cybersecurity Infrastructure & Security Agency (CISA) released an alert, complemented by a notification from the US FDA suggesting that the Contec CMS8000 patient monitor and OEM ...

The threat was discovered in three firmware versions for a patient monitor called the Contec CMS8000 (also sold as the Epsimed MN-120), which can display a user’s vitals, including heart rate ...

The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about Contec CMS8000, a patient monitor used in hospitals and clinical settings to track vital signs such ...

suggesting that the Contec CMS8000 patient monitor and OEM white-label variants contain a backdoor communicating to a Chinese IP address.

There are some interesting questions afoot, with the news that the Contec CMS8000 medical monitoring system has a backdoor. And this isn’t the normal debug port accidentally left in the firmware.

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends ...

The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.