OTPulse

ICSMA-17-215-01_Siemens Molecular Imaging Vulnerabilities

Act Now · 9.8 · ICS-CERT ICSMA-17-215-01 · Aug 3, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens SPECT Workplaces and Symbia.net systems contain code injection (CWE-94) and memory buffer (CWE-119) vulnerabilities in the Windows XP-based imaging software. These vulnerabilities allow remote code execution without any user interaction or credentials. All Windows XP-based versions of SPECT Workplaces/Symbia.net are affected. No vendor fix is available for these end-of-life systems.

What this means
What could happen
An attacker can run arbitrary code on SPECT imaging workplaces without authentication, potentially compromising patient data, altering diagnostic images, or disrupting critical imaging operations in healthcare facilities.
Who's at risk
Healthcare facilities operating Siemens SPECT (Single Photon Emission Computed Tomography) imaging systems, specifically those using Symbia.net or SPECT Workplaces on Windows XP platforms. This affects nuclear medicine departments and imaging centers that rely on these diagnostic devices for cardiac, oncology, and other molecular imaging procedures.
How it could be exploited
An attacker with network access to a SPECT Workplace can send a specially crafted network request that triggers the code injection (CWE-94) and memory buffer (CWE-119) vulnerabilities in the Windows XP-based system, allowing remote code execution with full system privileges.
Prerequisites
  • Network access to the SPECT Workplace on the imaging network
  • No authentication required
  • Target device must be running a vulnerable Windows XP-based version
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Actively exploited (KEV)
  • EPSS 94.4% (very high exploitability)
  • No patch available
  • Affects critical healthcare equipment
  • Obsolete operating system (Windows XP) without security support
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
SPECT Workplaces/Symbia.net: All Windows XP-based versions | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HOTFIX: Replace or upgrade SPECT Workplaces/Symbia.net systems to supported hardware and software platforms not based on Windows XP
  • HARDENING: Implement network segmentation to isolate SPECT imaging systems from general facility networks and limit access to authorized diagnostic personnel only
  • WORKAROUND: Implement firewall rules to restrict network access to SPECT systems to only required ports and authorized workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor network traffic to and from SPECT systems for suspicious activity
API: /api/v1/advisories/854ccb48-83ea-4257-9685-733eb94bf929