OTPulse

Santesoft Sante DICOM Viewer Pro

Plan: Patch
CVSS: 7.8
Reference: ICS-CERT ICSMA-23-285-01
Published: Oct 12, 2023
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Santesoft Sante DICOM Viewer Pro versions 12.2.4 and earlier contain buffer overflow vulnerabilities (CWE-787, CWE-121) that could allow an attacker to disclose information and execute arbitrary code on a system where the application is installed and running.

What this means
What could happen
An attacker with local access to a workstation running Sante DICOM Viewer Pro could execute arbitrary code or read sensitive medical imaging data, potentially compromising patient privacy or disrupting diagnostic workflows in a healthcare facility.
Who's at risk
Healthcare facilities and diagnostic imaging centers using Santesoft Sante DICOM Viewer Pro on workstations. This affects any workstation where clinicians, radiologists, or IT staff use the application to view and manage DICOM medical images.
How it could be exploited
An attacker would need to trick a user with Sante DICOM Viewer Pro installed into opening a malicious DICOM file (e.g., via email attachment or USB drive). When the application processes the crafted file, the buffer overflow vulnerability is triggered, allowing code execution with the privileges of the user running the application.
Prerequisites
  • Local access or ability to deliver a malicious file to a user with Sante DICOM Viewer Pro installed
  • User interaction required: the victim must open a crafted DICOM file in the vulnerable application
  • Buffer overflow vulnerability (CWE-787, CWE-121)
  • Local exploitation required (not remotely exploitable)
  • User interaction required (must open malicious file)
  • Affects medical imaging workflow
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Sante DICOM Viewer Pro | ≤ 12.2.4 | 12.2.6
Remediation & Mitigation
Do now
WORKAROUND: Educate users not to open DICOM files or attachments from untrusted sources, especially in unsolicited emails
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Sante DICOM Viewer Pro to version 12.2.6 or later
Long-term hardening
HARDENING: Implement file scanning and validation for DICOM files received from external sources before opening in the application
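An added example of the kind of pre-open validation the hardening item describes (not code from Santesoft or from the advisory): a Python check that verifies a DICOM Part 10 file's 128-byte preamble and "DICM" magic, then walks the File Meta Information group (0002) and rejects any element whose declared length overruns the file or exceeds a cap, which is exactly the class of inconsistency a parser with an unchecked copy would stumble over. The sample bytes are constructed here and are not a real study.

```python
import struct

PREAMBLE_LEN = 128          # Part 10 files start with a 128-byte preamble, then "DICM"
MAGIC = b"DICM"
# Explicit-VR elements whose length field is 4 bytes after 2 reserved bytes
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}


def check_dicom_meta(data: bytes, max_elem_len: int = 1 << 20) -> tuple[bool, str]:
    """Screen a DICOM Part 10 file before a viewer parses it. Returns (ok, reason);
    ok is False if the preamble/magic is missing or any File Meta Information
    element (group 0002, always explicit VR little endian) declares a length that
    overruns the file or exceeds max_elem_len."""
    if len(data) < PREAMBLE_LEN + 4 or data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        return False, "no DICM magic after 128-byte preamble"
    pos, seen = PREAMBLE_LEN + 4, 0
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break  # meta group ended; the dataset after it may use another transfer syntax
        vr = data[pos + 4:pos + 6]
        if vr in LONG_VRS:
            if pos + 12 > len(data):
                return False, f"truncated header in (0002,{elem:04X})"
            length, hdr = struct.unpack_from("<I", data, pos + 8)[0], 12
        else:
            length, hdr = struct.unpack_from("<H", data, pos + 6)[0], 8
        if length == 0xFFFFFFFF:
            return False, f"undefined length in meta element (0002,{elem:04X})"
        if length > max_elem_len:
            return False, f"(0002,{elem:04X}) declares {length} bytes, above cap"
        if pos + hdr + length > len(data):
            return False, f"(0002,{elem:04X}) length {length} runs past end of file"
        pos += hdr + length
        seen += 1
    return (seen > 0), ("meta header consistent" if seen else "no meta elements found")


def build_sample(bad: bool = False) -> bytes:
    """Constructed sample bytes (not a real study): preamble, magic, two meta elements.
    With bad=True the Transfer Syntax UID element claims far more bytes than exist."""
    ts_uid = b"1.2.840.10008.1.2.1\x00"  # Explicit VR Little Endian, padded to even length
    out = b"\x00" * PREAMBLE_LEN + MAGIC
    out += struct.pack("<HH", 0x0002, 0x0001) + b"OB\x00\x00" + struct.pack("<I", 2) + b"\x00\x01"
    length = 0xFFFF if bad else len(ts_uid)
    out += struct.pack("<HH", 0x0002, 0x0010) + b"UI" + struct.pack("<H", length) + ts_uid
    return out
```

The check only screens the meta group header, so it is a gate in front of the viewer that complements the 12.2.6 update rather than replacing it.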