{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T10:33:02.032","vulnerabilities":[{"cve":{"id":"CVE-2022-3027","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-09-13T15:15:09.257","lastModified":"2026-06-17T04:58:39.927","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information."},{"lang":"es","value":"El dispositivo CMS8000 no controla o sanea apropiadamente el nombre SSID de un nuevo punto de acceso Wi-Fi. Un actor de la amenaza podría crear un SSID con un nombre malicioso, incluyendo caracteres no estándar que, cuando el dispositivo intenta conectarse al SSID malicioso, el dispositivo puede ser explotado para escribir archivos arbitrarios o mostrar información incorrecta"}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Contec Health","product":"CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor","versions":[{"version":"All","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-16T15:50:01.916127Z","id":"CVE-2022-3027","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:contechealth:cms8000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2C197D62-6F35-4B87-A721-BDB696EA240F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:contechealth:cms8000:-:*:*:*:*:*:*:*","matchCriteriaId":"3A0CD9FA-68D7-4EEE-93A5-97275D84E2D3"}]}]}],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}