CVE-2022-3027 MEDIUM

CVE-2022-3027: Contec Health CMS8000

Vendor Contec Health
Product CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor
Weakness CWE-284
Published September 13, 2022
Last update April 16, 2025

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.

Key dates

02Disclosure timeline

September 13, 2022 CVE published
April 16, 2025 Record updated