CVE-2024-12248

CRITICAL

9.8

Beschreibung

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/30/2025

Zuletzt geandert1/31/2025

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-787

Referenzen

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01(ics-cert@hq.dhs.gov)

https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-patient-monitors-contec-and-epsimed-fda-safety-communication(ics-cert@hq.dhs.gov)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.