ET INFO Contec Health CMS8000 Patient Monitor Insecure Default HL7 Protocol Server IP (CVE-2025-0626)
Sourceet/open
Fileemerging-info.rules
CreatedFebruary 3, 2025
UpdatedJanuary 15, 2026
Classificationpolicy-violation
alert tcp $HOME_NET any -> 202.114.4.120 511 (msg:"ET INFO Contec Health CMS8000 Patient Monitor Insecure Default HL7 Protocol Server IP (CVE-2025-0626)"; flow:stateless,to_server ; reference:url,claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated ; reference:cve,2025-0626 ; classtype:policy-violation; sid:2059840; rev:3; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_02_03, cve CVE_2025_0626, deployment Perimeter, deployment Internal, performance_impact Significant, confidence High, signature_severity Minor, updated_at 2026_01_15; target:src_ip;)
References
Metadata
attack targetClient_Endpoint
tls stateplaintext
created at2025_02_03
deploymentInternal
performance impactSignificant
confidenceHigh
signature severityMinor
updated at2026_01_15
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!