CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.
Last week, the Cybersecurity and Infrastructure Security Agency (CISA), alongside the US Food and Drug Administration (FDA), issued an alert for Contec CMS8000 and Epsimed MN-120 healthcare monitors, warning that they potentially put patients at risk once connected to the Internet because of a malicious, hidden backdoor embedded in the devices. Security researchers, however, say the issue is not intentional malware but rather insecure design.
https://www.darkreading.com/vulnerabili ... d-backdoor