In yet another example of the importance of comprehensive visibility into IoT and similar devices that reside on your network, on January 30, 2025 CISA announced the discovery of a backdoor in the Contec CMS8000, a commonly used continuous medical monitoring solution of patient’s vital signs used across the U.S. and European Union.
The CISA Contec CMS8000 (see Figure 1) contains a Backdoor Fact Sheet notes the backdoor exists in all firmware versions and “…can create conditions which may allow remote code execution and device modification with the ability to alter its configuration. This introduces risk to patient safety as a malfunctioning monitor could lead to improper responses to vital signs displayed by the device.”
The Fact Sheet goes on to provide in-depth details on specific FDA mitigation recommendations for patients, caregivers, healthcare providers, and staff.
Bottom line: Since all available Contec CMS8000 (and re-labeled reseller models) firmware versions fail to eliminate the backdoor functionality, use only local monitoring capabilities—do not use any remote functionality which includes disconnecting all internet access (unplug the Ethernet cable and disable wireless).
Given the prevalence of IoT, OT, and ICS assets specifically at the edge, it is critical NetOps and SecOps maintain up-to-date inventories of all endpoints, devices, and infrastructure across their environment with an emphasis at the dynamic network perimeter. The capability to perform integrated, ongoing vulnerability scanning is an added plus. These are beneficial for many reasons including allowing IT teams to rapidly detect when a new, unauthorized asset has been added or enabling them to quickly react when alerted to questionable assets—the Contec CMS8000 above being yet another textbook example of this. Vulnerability scanning using capabilities like Nmap is also essential to rooting out threats before they can be exploited.
Look for tools like the NetAlly CyberScope® that connect directly at the edge to discover and inventory IT resources, then perform detailed vulnerability scanning and other security analysis. This will help find devices that might otherwise be missed while also eliminating undetected security gaps providing you peace of mind that your network perimeter is locked down and protected.
