OTPulse

Santesoft Sante FFT Imaging

Priority: Plan Patch
CVSS: 7.8
Advisory: ICS-CERT ICSMA-24-065-01 (Mar 5, 2024)
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Sante FFT Imaging versions 1.4.1 and earlier contain an out-of-bounds write (CWE-787, a buffer overflow) that is triggered when the application parses a malicious DICOM file. Exploitation needs no network access to the workstation and no elevated privileges, only that a user opens the file. Successful exploitation runs attacker-supplied code with the privileges of the user who opened the file, so the impact is bounded by that user's rights; on imaging workstations where users run as local administrators, that bound is effectively absent.

What this means
What could happen
An attacker who can get a malicious DICOM image file in front of a user could execute arbitrary code on a workstation running Sante FFT Imaging, potentially compromising the workstation itself and the medical imaging workflows it participates in.
Who's at risk
Organizations using Sante FFT Imaging for medical imaging analysis on workstations. This affects healthcare facilities, diagnostic imaging centers, and research institutions that rely on this software for DICOM image processing and visualization.
How it could be exploited
An attacker crafts a malicious DICOM (.dcm) file and delivers it to a user (by email, file sharing, or removable media). When the user opens the file in Sante FFT Imaging 1.4.1 or earlier, the out-of-bounds write is triggered and the attacker's code runs with the privileges of the user running the application.
Prerequisites
  • Sante FFT Imaging version 1.4.1 or earlier installed on the workstation
  • User interaction required: the user must open the malicious DICOM file in the application
  • No authentication, no network access to the workstation and no elevated privileges are needed; "local" is the CVSS attack vector (the file is opened locally), not a requirement that the attacker be at the keyboard
Local attack vector (file must be opened on the workstation) · User interaction required · Low attack complexity · Affects the workstation and potentially medical imaging workflows
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Sante FFT Imaging | ≤ 1.4.1 | Fixed in 1.4.2
Remediation & Mitigation
Do now
WORKAROUND: Filter DICOM files at the email gateway and on file-transfer paths so users do not receive unsolicited ones; identify them by content rather than by extension alone, since a .dcm extension is trivially renamed.
HARDENING: Train users not to open unsolicited DICOM files or attachments from unknown senders in Sante FFT Imaging.
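The following is an added example of the content-based filter the workaround above describes; it is not code from Santesoft, OTPulse or ICS-CERT. It identifies DICOM files by the Part 10 signature (a 128-byte preamble followed by the bytes "DICM") and parses the group 0002 file meta header, which the DICOM standard always encodes as explicit VR little endian, so a gateway can hold unsolicited DICOM content away from workstations running Sante FFT Imaging 1.4.1 or earlier regardless of the file's extension. The trusted-sender domain, the sample file and the truncated header are constructed for the example, and the allow/quarantine/block policy is an assumption for illustration, not the advisory's.

```python
"""Content-based DICOM screening for a mail or file-transfer gateway.

Added example, not vendor or advisory code. Files are recognised by the
DICOM Part 10 signature, not by extension, so renaming .dcm to .jpg does
not bypass the filter. A file meta header that cannot be parsed is treated
as hostile rather than passed through to the imaging workstation.
"""
import struct

DICM_OFFSET = 128
# VRs whose length is a 4-byte field preceded by 2 reserved bytes (DICOM PS3.5 7.1.2).
LONG_LENGTH_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ",
                   b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}
# Hypothetical trust policy for this example: only these domains may send DICOM.
TRUSTED_SENDER_DOMAINS = {"radiology.example-hospital.org"}


def is_dicom(data: bytes) -> bool:
    """True if data starts with the Part 10 header: 128-byte preamble + 'DICM'."""
    return len(data) >= DICM_OFFSET + 4 and data[DICM_OFFSET:DICM_OFFSET + 4] == b"DICM"


def parse_file_meta(data: bytes) -> dict:
    """Parse the group 0002 file meta information into {(group, element): bytes}.

    Group 2 is always explicit VR little endian. Parsing stops at the first
    element outside group 2. Raises ValueError on truncated or malformed
    headers, which a gateway should treat as grounds to block the file.
    """
    if not is_dicom(data):
        raise ValueError("not a DICOM Part 10 file")
    pos = DICM_OFFSET + 4
    meta = {}
    while pos + 8 <= len(data):
        group, element = struct.unpack_from("<HH", data, pos)
        if group != 0x0002:
            break
        vr = data[pos + 4:pos + 6]
        if vr in LONG_LENGTH_VRS:
            if pos + 12 > len(data):
                raise ValueError("truncated element header")
            (length,) = struct.unpack_from("<I", data, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            pos += 8
        if pos + length > len(data):  # length field points past end of file
            raise ValueError(f"bad length for tag ({group:04X},{element:04X})")
        meta[(group, element)] = data[pos:pos + length]
        pos += length
    return meta


def screen_attachment(filename: str, sender: str, data: bytes) -> tuple:
    """Gateway decision for one attachment: (verdict, reason).

    Policy (assumed for this example): DICOM content reaches users only from
    trusted sender domains; files that misrepresent themselves are held.
    """
    claims_dicom = filename.lower().endswith((".dcm", ".dicom"))
    if not is_dicom(data):
        if claims_dicom:
            return ("quarantine", "extension claims DICOM but file has no DICM signature")
        return ("allow", "not a DICOM Part 10 file; outside this filter's scope")
    try:
        meta = parse_file_meta(data)
    except ValueError as exc:
        return ("block", f"malformed DICOM file meta header: {exc}")
    sop_class = meta.get((0x0002, 0x0002), b"").rstrip(b"\x00").decode("ascii", "replace")
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in TRUSTED_SENDER_DOMAINS:
        return ("allow", f"DICOM ({sop_class or 'unknown SOP class'}) from trusted domain {domain}")
    return ("quarantine", f"DICOM content from untrusted sender {sender} (named {filename!r})")


def _element(group: int, element: int, vr: bytes, value: bytes, pad: bytes = b"\x00") -> bytes:
    """Encode one explicit-VR-little-endian element with a 2-byte length field."""
    if len(value) % 2:
        value += pad  # DICOM values are padded to even length
    return struct.pack("<HH", group, element) + vr + struct.pack("<H", len(value)) + value


# Constructed sample: a minimal CT Part 10 header, not a real patient file.
SAMPLE_DICOM = (
    b"\x00" * 128 + b"DICM"
    + _element(0x0002, 0x0002, b"UI", b"1.2.840.10008.5.1.4.1.1.2")  # Media Storage SOP Class: CT Image
    + _element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1")        # Transfer Syntax: Explicit VR LE
    + _element(0x0008, 0x0060, b"CS", b"CT", pad=b" ")                # Modality; ends group 2
)
# Constructed: a header whose length field claims far more bytes than exist.
TRUNCATED_DICOM = (
    b"\x00" * 128 + b"DICM"
    + struct.pack("<HH", 0x0002, 0x0010) + b"UI" + struct.pack("<H", 0x4000) + b"1.2"
)

if __name__ == "__main__":
    for name, sender, blob in [
        ("ct_scan.dcm", "alice@radiology.example-hospital.org", SAMPLE_DICOM),
        ("holiday.jpg", "mallory@evil.example", SAMPLE_DICOM),
        ("study.dcm", "bob@anywhere.example", b"\x00" * 200),
        ("scan.dcm", "carol@anywhere.example", TRUNCATED_DICOM),
    ]:
        print(name, sender, "->", screen_attachment(name, sender, blob))
```

Renamed DICOM files from untrusted senders are quarantined because the filter keys on the DICM signature; a file whose meta header lies about its length is blocked outright, since a parser error at the gateway is exactly the kind of input the vulnerable application should never see.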
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Sante FFT Imaging to version 1.4.2 or later