The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued warnings about hidden functionality in patient monitors such as the Contec CMS8000 and Epsimed MN-120.
A vulnerability tracked as CVE-2025-0626 received a score of 7.7 out of 10 on the CVSS v4 scale. In addition, two more problems were discovered, which an anonymous researcher reported to CISA.
“The affected devices send requests for remote access to a hardcoded IP address, bypassing existing network settings. This can be exploited as a backdoor, allowing unauthorized access to the system,” stated the report.
Backdoors can be inserted into the software either during its development or after it is already in operation (e.g., through malicious software). These backdoors can be used for espionage or to remotely control the system or device.