CVE-2024-12248: Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor

9.3 CVSS

Description

The affected product is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.

Classification

CVE ID: CVE-2024-12248

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor: Contec Health

Product: CMS8000 Patient Monitor

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-28 (when was this score calculated)

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01

Timeline

2025-01-31 00:30:13 UTC
CVE

Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor