The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.
The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.
There are valid questions, many of which revolve around how and why it’s used.
Some systems have brain damaged approaches to diagnostics/logging, license enforcement, or remote service/update systems that create security holes but are not intentionally malicious.
Security is hard and we should remember Hanlon’s Razor.
I get lots of mileage out of Hanlon’s Razor, and I acknowledge the rampant incompetence that suggests its applicability, but digital security seems like about the least appropriate place to apply this rule of thumb.