Cyber Resilience

CVE-2024-12248

Critical

Published: 30 January 2025

Published
30 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0416 88.9th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12248 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Cisa (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 11.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-12248 is an out-of-bounds write vulnerability (CWE-787) affecting the Contec Health CMS8000 Patient Monitor. The flaw enables an attacker to send specially formatted UDP requests that allow writing arbitrary data outside intended memory bounds, potentially resulting in remote code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

Any unauthenticated attacker with network access to the affected device can exploit this vulnerability by crafting and transmitting malicious UDP packets. Successful exploitation could achieve full remote code execution on the patient monitor, compromising confidentiality, integrity, and availability with high impact, potentially allowing attackers to alter device functions, exfiltrate sensitive patient data, or disrupt critical healthcare operations.

Mitigation details are outlined in advisories from CISA (ICSMA-25-030-01) and the FDA, available at the referenced URLs, which provide guidance for addressing the vulnerability in Contec and related patient monitors.

EU & UK References

Vulnerability details

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct network-accessible RCE via crafted UDP packets on a remotely exposed device service matches exploitation of a public-facing or remote application/service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25742Shared CWE-787
CVE-2026-21897Shared CWE-787
CVE-2024-57704Shared CWE-787
CVE-2024-57579Shared CWE-787
CVE-2024-57581Shared CWE-787
CVE-2026-0114Shared CWE-787
CVE-2024-11345Shared CWE-787
CVE-2026-41678Shared CWE-787
CVE-2018-25223Shared CWE-787
CVE-2026-24832Shared CWE-787

Affected Assets

Cisa
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly identifies, reports, and corrects the out-of-bounds write flaw in the patient monitor's UDP processing to eliminate the vulnerability.

prevent

Validates incoming UDP requests to ensure they do not contain specially formatted data that triggers out-of-bounds writes.

prevent

Implements memory protection mechanisms such as address space layout randomization and stack canaries to mitigate remote code execution from out-of-bounds writes.

References