ET INFO Contec Health CMS8000 Patient Monitor Insecure Default CMS Protocol Server IP (CVE-2025-0626)

7.0.35.0SID: 2059841Rev: 3Enabled125 views
Sourceet/open
Fileemerging-info.rules
CreatedFebruary 3, 2025
UpdatedJanuary 15, 2026
Classificationpolicy-violation
alert tcp $HOME_NET any -> 202.114.4.119 [515:520] (msg:"ET INFO Contec Health CMS8000 Patient Monitor Insecure Default CMS Protocol Server IP (CVE-2025-0626)"; flow:stateless,to_server; reference:url,claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated; reference:cve,2025-0626; classtype:policy-violation; sid:2059841; rev:3; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_02_03, cve CVE_2025_0626, deployment Perimeter, deployment Internal, performance_impact Significant, confidence High, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2026_01_15; target:src_ip;)

Metadata

attack targetClient_Endpoint
tls stateplaintext
created at2025_02_03
deploymentInternal
performance impactSignificant
confidenceHigh
signature severityUnknown
tagDescription_Generated_By_Proofpoint_Nexus
updated at2026_01_15

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!