Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Contec Health CMS8000
Vulnerability Description
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 访问控制错误漏洞
Vulnerability Description
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor是Contec Health公司的一款生命体征病人监护仪。 Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor存在访问控制错误漏洞,该漏洞源于具有设备瞬时访问权限的威胁行为人可以插入USB驱动器并执行恶意固件更新,从而导致设备功能的永久性更改。
CVSS Information
N/A
Vulnerability Type
N/A