ET POLICY Contec Health CMS8000 Patient Monitor Insecure Default HL7 Protocol Server IP (CVE-2025-0626)

SID: 2059840Rev: 289 viewsHistory

Sourceet/open

CreatedFebruary 3, 2025

UpdatedJanuary 15, 2026

Classificationpolicy-violation

alert tcp $HOME_NET any -> 202.114.4.120 511 (msg:"ET POLICY Contec Health CMS8000 Patient Monitor Insecure Default HL7 Protocol Server IP (CVE-2025-0626)"; flow:stateless,to_server; reference:url,claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated; reference:cve,2025-0626; classtype:policy-violation; sid:2059840; rev:2; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_02_03, cve CVE_2025_0626, deployment Perimeter, deployment Internal, performance_impact Significant, confidence High, signature_severity Minor, updated_at 2026_01_15; target:src_ip;)

References

url	claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated
cve	2025-0626

Metadata

attack targetClient_Endpoint

tls stateplaintext

created at2025_02_03

cveCVE-2025-0626

deploymentInternal

performance impactSignificant

confidenceHigh

signature severityMinor

updated at2026_01_15

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!