"5 Security Vulnerabilities Found in Contec Vital Signs Patient Monitors"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has issued a medical device advisory outlining five flaws discovered in Contec Health's CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. The exploitation of these vulnerabilities could allow threat actors to launch Distributed Denial-of-Service (DDoS) attacks, modify firmware, make configuration changes, or gain access to a root shell. CISA was notified of the vulnerabilities by Level Nine researchers. The most serious vulnerability, with a CVSS score of 7.5, involves complete device failure. According to the advisory, a threat actor with network access can remotely issue a specially formatted User Datagram Protocol (UDP) request, causing the entire device to crash and requiring a physical reboot. A UDP broadcast request could be sent, resulting in a DDoS on all CMS8000 devices on the same network. Another vulnerability only requires a threat actor to have brief access to the device, where they can insert a USB drive and perform a malicious firmware update. CISA noted that there are no authentication or controls in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device. The use of hard-coded credentials is the third vulnerability, with a CVSS score of 4.3. Multiple globally default credentials exist across all CMS8000 devices, which, once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Threat actors could extract patient information or change device parameters if they have access to privileged credentials. The fourth vulnerability is caused by improperly configured compiler settings, which significantly reduces the amount of effort required for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities. The fifth vulnerability is due to insufficient access control. The CMS8000 device, according to the researchers, does not properly control or sanitize the SSID name of a new Wi-Fi access point. This article continues to discuss the vulnerabilities found in Contec Health's CMS8000 devices as well as recommendations that could help healthcare organizations reduce the risk of exploitation. 

HealthITSecurity reports "5 Security Vulnerabilities Found in Contec Vital Signs Patient Monitors"