{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T15:24:32.621","vulnerabilities":[{"cve":{"id":"CVE-2022-36385","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-09-13T15:15:08.480","lastModified":"2026-06-17T04:53:22.157","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device."},{"lang":"es","value":"Un actor de la amenaza con acceso momentáneo al dispositivo puede conectar una unidad USB y llevar a cabo una actualización de firmware malicioso, lo que resulta en cambios permanentes en la funcionalidad del dispositivo. No se presenta autenticación ni controles para evitar que un actor de amenaza modifique maliciosamente el firmware y lleve a cabo un ataque drive-by para cargar el firmware en cualquier dispositivo CMS8000"}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Contec Health","product":"CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor","versions":[{"version":"All","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-16T17:27:16.252781Z","id":"CVE-2022-36385","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:contechealth:cms8000_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2C197D62-6F35-4B87-A721-BDB696EA240F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:contechealth:cms8000:-:*:*:*:*:*:*:*","matchCriteriaId":"3A0CD9FA-68D7-4EEE-93A5-97275D84E2D3"}]}]}],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}