CVE-2025-1204

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device.

CVSS

No CVSS.

References

Link	Resource
https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated?ref=vault33.org
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01

Configurations

No configuration.

History

No history.

Information

Published : 2025-02-25 17:15

Updated : 2025-02-25 17:15

NVD link : CVE-2025-1204

Mitre link : CVE-2025-1204

CVE.ORG link : CVE-2025-1204

JSON object : View

Products Affected

No product.

CWE

CWE-912

Hidden Functionality

{"id": "CVE-2025-1204", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-25T17:15:14.057", "references": [{"url": "https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated?ref=vault33.org", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-912"}]}], "descriptions": [{"lang": "en", "value": "The \"update\" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device."}, {"lang": "es", "value": "El binario \"update\" en el firmware del producto afectado env\u00eda intentos de montaje a una direcci\u00f3n IP enrutable y codificada, omitiendo para ello la configuraci\u00f3n de red existente del dispositivo. La funci\u00f3n se activa si se presiona el bot\u00f3n \"C\" en un momento espec\u00edfico durante el proceso de arranque. Si un atacante puede controlar o suplantar esta direcci\u00f3n IP, podr\u00eda cargar y sobrescribir archivos en el dispositivo."}], "lastModified": "2025-02-25T17:15:14.057", "sourceIdentifier": "[email protected]"}

CVE-2025-1204

JSON object

Attach tags to CVE-2025-1204

Attach tags to `CVE-2025-1204`