OTPulse

Fujifilm FCR Capsula X/Carbon X

Act Now · CVSS 9.8 · ICS-CERT ICSMA-19-113-01 · Apr 23, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

CWE-400 (Uncontrolled Resource Consumption) and CWE-284 (Improper Access Control) vulnerabilities in Fujifilm FCR Capsula X, FCR Carbon X, and FCR XC-2 cassette readers (CR-IR 357 control system) allow remote attackers to cause denial-of-service conditions and execute arbitrary code on the device without authentication. Exploitation could result in image loss, device unavailability, and interruption of diagnostic imaging operations.

What this means
What could happen
An attacker could remotely execute arbitrary code on the CR-IR 357 cassette reader, causing loss of medical images or complete device shutdown. This directly impacts diagnostic imaging workflows and patient care continuity.
Who's at risk
Hospital and diagnostic imaging centers using Fujifilm FCR Capsula X, FCR Carbon X, or FCR XC-2 cassette readers with CR-IR 357 control systems. This affects radiography workflows in radiology departments, emergency departments, and imaging facilities that depend on these devices for X-ray image capture and processing.
How it could be exploited
An attacker with network access to the CR-IR 357 cassette reader can send specially crafted network traffic to trigger a resource exhaustion condition (CWE-400) or leverage missing access controls (CWE-284) to bypass authentication and execute arbitrary commands on the underlying operating system without credentials.
Prerequisites
  • Network access to the CR-IR 357 cassette reader on the same network segment
  • Device must be in default configuration (Secure Host functionality not enabled)
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • No patch available
  • Affects diagnostic medical devices
  • Critical CVSS score (9.8)
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (3), 3 pending fix

Product              | Affected Versions | Fix Status
FCR XC-2: CR-IR 357  | CR-IR 357         | No fix yet
FCR Capsula X: CR-IR 357 | CR-IR 357     | No fix yet
FCR Carbon X: CR-IR 357  | CR-IR 357     | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Contact Fujifilm (888-FUJI-MED or 888-385-4633, or your regional contact) to request that Secure Host functionality be enabled on CR-IR 357 units if you do not require multi-console image acquisition sharing
HARDENING: Isolate CR-IR 357 cassette readers on a dedicated medical imaging network segment, separate from general IT networks and guest/public networks
HARDENING: Implement VLAN segmentation to restrict network traffic between public and private networks, preventing unauthorized access to imaging devices
Long-term hardening
HARDENING: Implement network access controls to ensure only authorized medical imaging consoles can communicate with CR-IR 357 readers
HARDENING: Review and enforce administrative controls on who can access imaging networks and devices