Softneta MedDream PACS Premium
Priority: Act Now
CVSS score: 9.8
Advisory: ICS-CERT ICSMA-23-248-01 (Sep 5, 2023)
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Softneta MedDream PACS Server contains two vulnerabilities (CWE-749, CWE-256) that allow an attacker with network access to obtain plaintext credentials or execute arbitrary code remotely without authentication or user interaction. Affected versions are 7.2.8.810 and earlier.
What this means
What could happen
An attacker could obtain plaintext credentials stored in the PACS system or execute arbitrary code on the MedDream server, potentially compromising medical imaging data, disrupting diagnostic workflows, or altering image archives.
Who's at risk
Healthcare organizations operating Softneta MedDream PACS (Picture Archiving and Communication System) systems for medical imaging storage, retrieval, and management. This affects diagnostic imaging departments, radiology centers, and hospital IT systems that depend on PACS for archiving and accessing patient images.
How it could be exploited
An attacker with network access to the MedDream PACS server (port 80/443 or administrative interfaces) can exploit these vulnerabilities without authentication or user interaction to extract stored credentials or inject and execute arbitrary code on the server.
Prerequisites
- Network access to MedDream PACS server (reachable from attacker's network)
- No credentials or authentication required
- Server running vulnerable version 7.2.8.810 or earlier
Key points:
- remotely exploitable
- no authentication required
- low complexity
- critical CVSS score (9.8)
- affects medical imaging and patient data systems
- credential exposure risk
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product: MedDream PACS
Affected versions: <= 7.2.8.810
Fix status: Update to version 7.2.9.820 of MedDream PACS Server, or patch the current system using Fix-v230712
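Added example (not from the advisory or from Softneta): an inventory triage check that decides whether an installed MedDream PACS Server version falls inside the affected range "7.2.8.810 and earlier" using numeric, component-wise comparison rather than string comparison (which would wrongly rank a hypothetical 7.2.10.x below 7.2.8.x), and sorts hosts into the advisory's "do now" and "schedule" buckets. The inventory records, host names and the exposed_to_internet flag are constructed for the example.

```python
# Added example, not part of the Softneta MedDream advisory.
# Version boundaries below are taken from the advisory text.
from __future__ import annotations
from dataclasses import dataclass

LAST_AFFECTED = "7.2.8.810"   # advisory: <= 7.2.8.810 is affected
FIXED_VERSION = "7.2.9.820"   # advisory: first fixed release


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '7.2.8.810' into (7, 2, 8, 810); reject anything non-numeric."""
    parts = v.strip().split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed: str) -> bool:
    """True when installed <= 7.2.8.810, compared component-wise as integers.
    Shorter version strings are zero-padded so '7.2.8' compares as '7.2.8.0'."""
    a, b = parse_version(installed), parse_version(LAST_AFFECTED)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


@dataclass(frozen=True)
class Asset:
    host: str                 # constructed hostname for the example
    version: str              # version string reported by the asset inventory
    exposed_to_internet: bool # whether the PACS interface is reachable from untrusted networks


def triage(assets: list[Asset]) -> dict[str, list[str]]:
    """Bucket hosts: affected and Internet-exposed -> patch_now;
    affected but internal-only -> patch_scheduled; everything else -> ok."""
    buckets: dict[str, list[str]] = {"patch_now": [], "patch_scheduled": [], "ok": []}
    for asset in assets:
        if not is_affected(asset.version):
            buckets["ok"].append(asset.host)
        elif asset.exposed_to_internet:
            buckets["patch_now"].append(asset.host)
        else:
            buckets["patch_scheduled"].append(asset.host)
    return buckets


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    Asset("pacs-rad-01", "7.2.8.810", exposed_to_internet=True),
    Asset("pacs-rad-02", "7.2.7.100", exposed_to_internet=False),
    Asset("pacs-test", FIXED_VERSION, exposed_to_internet=False),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The "patch_now" bucket corresponds to the advisory's "Do now" hardening items: an affected server that is reachable from untrusted networks should be isolated first, then updated to 7.2.9.820 or patched with Fix-v230712 in the maintenance window.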
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the MedDream PACS server; do not expose it to the Internet or untrusted networks
HARDENING: Isolate the PACS network behind a firewall, separate from the general business network
HARDENING: If remote access to PACS is required, use a VPN with current security updates
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
HOTFIX: Update MedDream PACS Server to version 7.2.9.820 or later
HOTFIX: If unable to update immediately, apply the Fix-v230712 patch to the current system
CVEs (2)
API: /api/v1/advisories/dda3a94f-e945-4b81-9d19-d7df45ab55b0