CVE-2022-3027 - Vulnerability Details - OpenCVE

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Contechealth	Cms8000 Cms8000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:contechealth:cms8000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:contechealth:cms8000:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

History

Wed, 16 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-09-13T14:54:58.631Z

Updated: 2025-04-16T16:10:02.402Z

Reserved: 2022-08-29T00:00:00.000Z

Link: CVE-2022-3027

Vulnrichment

Updated: 2024-08-03T00:53:00.651Z

NVD

Status : Modified

Published: 2022-09-13T15:15:09.257

Modified: 2024-11-21T07:18:39.823

Link: CVE-2022-3027

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor", "vendor": "Contec Health", "versions": [{"status": "affected", "version": "All"}]}], "credits": [{"lang": "en", "value": "Level Nine reported these vulnerabilities to CISA."}], "datePublic": "2022-09-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T14:54:58.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}], "source": {"advisory": "ICSMA-22-244-01", "discovery": "EXTERNAL"}, "title": "Contec Health CMS8000", "workarounds": [{"lang": "en", "value": "Contec Health has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Contec Health for additional information.\n\nThe following mitigations could assist in reducing the risk for exploitation of vulnerabilities:\n\nDisabling UART functionality at the CPU level\nEnforcing unique device authentication before granting access to the terminal / bootloader\nWhere possible, enforcing secure boot. \nTamper stickers on the device casing to indicate when a device has been opened"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-09-01T17:00:00.000Z", "ID": "CVE-2022-3027", "STATE": "PUBLIC", "TITLE": "Contec Health CMS8000"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor", "version": {"version_data": [{"version_affected": "=", "version_name": "All", "version_value": "All"}]}}]}, "vendor_name": "Contec Health"}]}}, "credit": [{"lang": "eng", "value": "Level Nine reported these vulnerabilities to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}]}, "source": {"advisory": "ICSMA-22-244-01", "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Contec Health has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Contec Health for additional information.\n\nThe following mitigations could assist in reducing the risk for exploitation of vulnerabilities:\n\nDisabling UART functionality at the CPU level\nEnforcing unique device authentication before granting access to the terminal / bootloader\nWhere possible, enforcing secure boot. \nTamper stickers on the device casing to indicate when a device has been opened"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:53:00.651Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:50:01.916127Z", "id": "CVE-2022-3027", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:10:02.402Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-3027", "datePublished": "2022-09-13T14:54:58.631Z", "dateReserved": "2022-08-29T00:00:00.000Z", "dateUpdated": "2025-04-16T16:10:02.402Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor", "vendor": "Contec Health", "versions": [{"status": "affected", "version": "All"}]}], "credits": [{"lang": "en", "value": "Level Nine reported these vulnerabilities to CISA."}], "datePublic": "2022-09-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-13T14:54:58.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}], "source": {"advisory": "ICSMA-22-244-01", "discovery": "EXTERNAL"}, "title": "Contec Health CMS8000", "workarounds": [{"lang": "en", "value": "Contec Health has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Contec Health for additional information.\n\nThe following mitigations could assist in reducing the risk for exploitation of vulnerabilities:\n\nDisabling UART functionality at the CPU level\nEnforcing unique device authentication before granting access to the terminal / bootloader\nWhere possible, enforcing secure boot. \nTamper stickers on the device casing to indicate when a device has been opened"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-09-01T17:00:00.000Z", "ID": "CVE-2022-3027", "STATE": "PUBLIC", "TITLE": "Contec Health CMS8000"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor", "version": {"version_data": [{"version_affected": "=", "version_name": "All", "version_value": "All"}]}}]}, "vendor_name": "Contec Health"}]}}, "credit": [{"lang": "eng", "value": "Level Nine reported these vulnerabilities to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}]}, "source": {"advisory": "ICSMA-22-244-01", "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Contec Health has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Contec Health for additional information.\n\nThe following mitigations could assist in reducing the risk for exploitation of vulnerabilities:\n\nDisabling UART functionality at the CPU level\nEnforcing unique device authentication before granting access to the terminal / bootloader\nWhere possible, enforcing secure boot. \nTamper stickers on the device casing to indicate when a device has been opened"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:53:00.651Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3027", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-16T15:50:01.916127Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:50:04.131Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-3027", "datePublished": "2022-09-13T14:54:58.631Z", "dateReserved": "2022-08-29T00:00:00.000Z", "dateUpdated": "2025-04-16T16:10:02.402Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:contechealth:cms8000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C197D62-6F35-4B87-A721-BDB696EA240F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:contechealth:cms8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A0CD9FA-68D7-4EEE-93A5-97275D84E2D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information."}, {"lang": "es", "value": "El dispositivo CMS8000 no controla o sanea apropiadamente el nombre SSID de un nuevo punto de acceso Wi-Fi. Un actor de la amenaza podr\u00eda crear un SSID con un nombre malicioso, incluyendo caracteres no est\u00e1ndar que, cuando el dispositivo intenta conectarse al SSID malicioso, el dispositivo puede ser explotado para escribir archivos arbitrarios o mostrar informaci\u00f3n incorrecta"}], "id": "CVE-2022-3027", "lastModified": "2024-11-21T07:18:39.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T15:15:09.257", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}