CVE-2022-38069 MEDIUM

CVE-2022-38069: Contec Health CMS8000

Vendor: Contec Health
Product: CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor
Weakness: CWE-798 · Hardcoded credentials
Published: September 13, 2022
Last update: April 16, 2025

CVSS base score

4.3/10
Attack vector: Physical
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low
Availability: Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

Multiple globally default credentials exist across all CMS8000 devices that, once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters.

Key dates

02 Disclosure timeline

September 13, 2022: CVE published
April 16, 2025: Record updated