Santesoft Sante FFT Imaging

Plan Patch7.8ICS-CERT ICSMA-23-285-02Oct 12, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

A buffer over-read vulnerability (CWE-125) in Sante FFT Imaging version 1.4.0 and earlier allows an attacker with local access to disclose information and execute arbitrary code if a user interacts with a malicious input or file. The vulnerability is not remotely exploitable and requires user interaction.

What this means

What could happen

An attacker with local access to a workstation running Sante FFT Imaging could execute arbitrary code and read sensitive data, potentially compromising imaging analysis workflows and proprietary diagnostic information.

Who's at risk

Medical imaging departments and diagnostic facilities using Sante FFT Imaging software on clinical or engineering workstations. This affects organizations relying on FFT-based image analysis for diagnostics or research.

How it could be exploited

An attacker must have local access to a workstation running the vulnerable Sante FFT Imaging software (versions 1.4.0 or earlier). The attacker would trick a user into opening a malicious file or interacting with a crafted input, triggering a buffer over-read condition that allows code execution.

Prerequisites

Local access to workstation running Sante FFT Imaging v1.4.0 or earlier
User interaction required (e.g., opening a malicious file or input)

local access requireduser interaction requiredbuffer over-read vulnerabilityno patch available at time of advisoryhigh CVSS score

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

Sante FFT Imaging: <=1.4.0≤ 1.4.01.4.1

Remediation & Mitigation

0/3

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Sante FFT Imaging to version 1.4.1 or later

Long-term hardening

0/2

HARDENINGRestrict local access to workstations running Sante FFT Imaging; limit user accounts and enforce access controls

HARDENINGImplement endpoint security and file integrity monitoring on imaging workstations to detect unauthorized changes

CVEs (1)

CVE-2023-5059

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/768edd25-12c8-4f19-a26e-8c56b964850f