Rule History

alert tcp $HOME_NET any -> 202.114.4.120 511 (msg:"ET POLICY Contec Health CMS8000 Patient Monitor Insecure Default HL7 Protocol Server IP (CVE-2025-0626)"; flow:stateless,to_server; reference:url,claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated; reference:cve,2025-0626; classtype:policy-violation; sid:2059840; rev:2; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_02_03, cve CVE_2025_0626, deployment Perimeter, deployment Internal, performance_impact Significant, confidence High, signature_severity Minor, updated_at 2026_01_15; target:src_ip;)