Quick Links: Skip to main page content Skip to Search Skip to Topics Menu Skip to Common Links
  • Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

MAUDE Adverse Event Report: CONTEC MEDICAL SYSTEMS CO. CONTEC CMS8000 ICS PATIENT MONITOR; MONITOR, CARDIAC (INCL. CARDIOTACHOMETER & RATE ALARM)
  • Print
  • Share
  • E-mail
-
Super Search Devices@FDA
510(k) | DeNovo | Registration & Listing | Adverse Events | Recalls | PMA | HDE | Classification | Standards
CFR Title 21 | Radiation-Emitting Products | X-Ray Assembler | Medsun Reports | CLIA | TPLC
 

CONTEC MEDICAL SYSTEMS CO. CONTEC CMS8000 ICS PATIENT MONITOR; MONITOR, CARDIAC (INCL. CARDIOTACHOMETER & RATE ALARM) Back to Search Results
Model Number CMS8000
Health Effect - Clinical Code No Clinical Signs, Symptoms or Conditions (4582)
Type of Reportable Event Malfunction
Event or Problem Description
There is a serious cyber security vulnerability in the contec cms8000 ics patient monitor.This vulnerability was discovered as part of our work with arpa-h (https://arpa-h.Gov/) under the digiheals (https://arpa-h.Gov/research-andfunding/programs/digiheals) program in an effort to improve hospital and medical device cybersecurity.This vulnerability was disclosed to cisa (https://www.Cisa.Gov/coordinated-vulnerability-disclosure-process) on july 24, 2024.
=
description
=
the cms800 device does not perform bounds checking while parsing network data sent by a threat actor.A threat actor with network access can remotely issue a specially formatted udp request that will allow them to write arbitrary data, leading to remote code execution (rce) with root privileges and persistence.Two sequential udp broadcast requests could be sent that cause a mass takeover of all cme8000 devices connected to the same network.(b)(4).
 
Search Alerts/Recalls

  New Search  |  Submit an Adverse Event Report

Brand Name
CONTEC CMS8000 ICS PATIENT MONITOR
Common Device Name
MONITOR, CARDIAC (INCL. CARDIOTACHOMETER & RATE ALARM)
Manufacturer (Section D)
CONTEC MEDICAL SYSTEMS CO.
MDR Report Key20291070
Report NumberMW5159958
Device Sequence Number7429214
Product Code DRT
Combination Product (Y/N)N
Initial Reporter StateVA
Initial Reporter CountryUS
Number of Events Summarized1
Summary Report (Y/N)N
Reporter Type Voluntary
Initial Reporter Occupation Unknown
Type of Report Initial
Report Date (Section B) 09/16/2024
1 Device was Involved in the Event
1 Patient was Involved in the Event
Is this an Adverse Event Report? No
Is this a Product Problem Report? Yes
Device Model NumberCMS8000
Was Device Available for Evaluation? Yes
Initial Date Received by Manufacturer Not provided
Initial Report FDA Received Date09/20/2024
Patient Sequence Number1
Patient SexUnknown
-
-