ICSMA-17-215-02_Siemens Molecular Imaging Vulnerabilities

Act NowCVSS 9.8ICS-CERT ICSMA-17-215-02Aug 3, 2017

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens PET/CT imaging systems running Windows 7 contain critical vulnerabilities (CWE-94 code injection, CWE-284 permission bypass, CWE-119 buffer overflow) that allow remote code execution. An attacker can execute arbitrary code without authentication over the network. The vulnerabilities are being actively exploited in the wild. No patch is available from Siemens because these systems are based on end-of-life Windows 7, which receives no further updates from Microsoft. Affected installations must rely on compensating controls and network isolation.

What this means

What could happen

An attacker could execute arbitrary code on PET/CT imaging systems, compromising patient diagnostic data integrity and potentially halting medical imaging operations at hospitals and diagnostic centers.

Who's at risk

Healthcare facilities operating Siemens PET/CT imaging systems should be concerned. This affects diagnostic imaging departments, cancer centers, cardiology labs, and any medical facility relying on PET/CT for patient diagnosis. The systems run Windows 7, which is end-of-life and cannot be patched by Siemens.

How it could be exploited

An attacker with network access to the PET/CT system could send specially crafted network requests to trigger code execution. Since no authentication is required and the system is accessible remotely over the network, an attacker from outside the facility could directly compromise the device without needing valid credentials or physical access.

Prerequisites

Network access to the PET/CT system
No credentials required

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)extremely high EPSS score (94.3%)no patch availablelegacy operating system (Windows 7)

Exploitability

Actively exploited — confirmed by CISA KEV

Metasploit module available — weaponized exploitView module ↗

Public Proof-of-Concept (PoC) on GitHub (10 repositories)

Affected products (1)

ProductAffected VersionsFix Status

PET/CT Systems: All Windows 7-based versionsAll versionsNo fix yet

Remediation & Mitigation

0/5

Do now

0/4

HARDENINGIsolate affected PET/CT systems from untrusted networks using network segmentation (VLAN or DMZ). Only allow connections from authorized diagnostic workstations and imaging software.

WORKAROUNDDeploy a host-based firewall on the PET/CT system to block inbound connections on non-essential ports. Document all required ports for imaging software and clinical operations.

HARDENINGImplement network-based intrusion detection to monitor for unusual traffic to PET/CT systems. Flag any external connection attempts.

HARDENINGEnsure audit logging is enabled on PET/CT systems to detect unauthorized access attempts and code execution anomalies.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXEvaluate replacement or upgrade of PET/CT systems to models using modern, supported operating systems (Windows 10/11 or vendor-maintained alternatives).

CVEs (4)

CVE-2015-1635 CVE-2015-1497 CVE-2015-7861 CVE-2015-7860

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/dde9ba09-c75c-42dd-9093-800bf4be26b1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.