MicroDicom DICOM Viewer
Plan: Patch
Score: 7.8
Source: ICS-CERT ICSMA-24-060-01
Published: Feb 29, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
MicroDicom DICOM Viewer versions 2023.3_Build_9342 and earlier contain buffer overflow and out-of-bounds write vulnerabilities (CWE-122, CWE-787) that can cause memory corruption and lead to arbitrary code execution. These are triggered when a user opens a specially crafted DICOM image file. No prior public exploitation has been reported. These vulnerabilities require local user interaction and are not remotely exploitable. MicroDicom has released version 2024.1 as a fix.
What this means
What could happen
Memory corruption in MicroDicom DICOM Viewer could allow arbitrary code execution if a user opens a specially crafted DICOM file, potentially compromising the imaging workstation and any connected diagnostic or treatment systems.
Who's at risk
Healthcare facilities operating medical imaging systems using MicroDicom DICOM Viewer for diagnostic workstations, picture archiving and communication systems (PACS), and radiology information systems. This affects radiologists, technicians, and clinical staff who use the viewer to access patient imaging data.
How it could be exploited
An attacker sends a malicious DICOM file to a user with MicroDicom DICOM Viewer installed. When the user opens the file, a memory corruption vulnerability is triggered, allowing the attacker to execute arbitrary code on the workstation with the privileges of that user.
Prerequisites
- User interaction required (user must open a malicious DICOM file)
- MicroDicom DICOM Viewer version 2023.3_Build_9342 or earlier installed
- Local system access or ability to deliver malicious file to user
- Requires user interaction (opening file)
- Low complexity attack
- Affects healthcare imaging systems
- Memory corruption leading to arbitrary code execution
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
MicroDicom DICOM Viewer | ≤ 2023.3 Build 9342 | 2024.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict DICOM file access and receipt to trusted sources only; implement file validation and scanning before opening
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade MicroDicom DICOM Viewer to version 2024.1 or later
Long-term hardening
HARDENING: Segment imaging workstations from diagnostic and treatment system networks; apply firewall rules to limit lateral movement
HARDENING: Implement user awareness training on risks of opening files from untrusted sources
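The workaround above asks for file validation before a DICOM file reaches the viewer. The following is an added example of such a gatekeeper, not code from MicroDicom or from the advisory. It assumes files are checked as byte strings before being handed to the viewer, and it defines "well-formed" as: a 128-byte preamble, the "DICM" magic at offset 128, and a File Meta Information group (group 0002, explicit VR little endian) whose every element length stays inside the file and under a constructed policy limit (MAX_META_ELEMENT_LEN). The sample inputs are constructed inline. Structural checks like this reject malformed or truncated headers; they do not prove a structurally valid file is harmless, so they complement the 2024.1 upgrade rather than replace it.

```python
"""Pre-open structural validation for DICOM Part 10 files (added example)."""
import struct

PREAMBLE_LEN = 128
MAGIC = b"DICM"
# Explicit VRs that use a 2-byte reserved field followed by a 4-byte length.
LONG_LENGTH_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}
MAX_META_ELEMENT_LEN = 1024  # constructed policy limit for group 0002 values


def parse_meta_elements(data: bytes) -> list:
    """Walk the File Meta Information group (explicit VR little endian).

    Returns a list of (group, element, vr, length) tuples and raises
    ValueError on the first structural inconsistency found.
    """
    if len(data) < PREAMBLE_LEN + 4:
        raise ValueError("file shorter than DICOM preamble and magic")
    if data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        raise ValueError("missing DICM magic at offset 128")

    pos = PREAMBLE_LEN + 4
    elements = []
    while pos + 8 <= len(data):
        group, elem = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break  # meta group ended; the dataset proper starts here
        vr = data[pos + 4:pos + 6]
        if vr in LONG_LENGTH_VRS:
            if pos + 12 > len(data):
                raise ValueError("truncated long-form element header")
            (length,) = struct.unpack_from("<I", data, pos + 8)
            header_len = 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            header_len = 8
        if length == 0xFFFFFFFF:
            raise ValueError("undefined length not allowed in meta group")
        if length > MAX_META_ELEMENT_LEN:
            raise ValueError(
                f"meta element ({group:04X},{elem:04X}) length {length} exceeds policy")
        if pos + header_len + length > len(data):
            raise ValueError(
                f"meta element ({group:04X},{elem:04X}) runs past end of file")
        elements.append((group, elem, vr.decode("ascii", "replace"), length))
        pos += header_len + length
    if not elements:
        raise ValueError("no File Meta Information elements found")
    return elements


def is_safe_to_open(data: bytes) -> tuple:
    """Gate decision: (True, summary) to pass the file on, (False, reason) to quarantine."""
    try:
        elements = parse_meta_elements(data)
    except ValueError as exc:
        return False, str(exc)
    return True, f"{len(elements)} meta elements parsed"


def _element(group: int, elem: int, vr: bytes, value: bytes) -> bytes:
    """Encode one explicit-VR little-endian element (helper for the constructed samples)."""
    if vr in LONG_LENGTH_VRS:
        return struct.pack("<HH2sHI", group, elem, vr, 0, len(value)) + value
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value


# Constructed sample: minimal well-formed header carrying a Transfer Syntax UID.
GOOD_FILE = (
    b"\x00" * PREAMBLE_LEN + MAGIC
    + _element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1\x00")
)
# Constructed sample: valid magic, but an element length that overruns the file.
TRUNCATED_FILE = (
    b"\x00" * PREAMBLE_LEN + MAGIC
    + struct.pack("<HH2sH", 0x0002, 0x0010, b"UI", 500) + b"1.2"
)
# Constructed sample: not a DICOM file at all.
NOT_DICOM = b"GIF89a" + b"\x00" * 200

if __name__ == "__main__":
    for name, blob in [("good", GOOD_FILE), ("truncated", TRUNCATED_FILE), ("not_dicom", NOT_DICOM)]:
        print(name, is_safe_to_open(blob))
```

In deployment the gate sits between the receiving share and the viewer's import path, so a file that fails is quarantined with its reason logged rather than opened. The length check is the one that matters for a header-parsing viewer: an element that claims more bytes than exist is exactly the kind of input a reader without bounds checks will over-read or over-write.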
CVEs (2)
API:
/api/v1/advisories/7250eb5c-08bb-407b-ac22-f63083a6ec6c