OTPulse

MicroDicom DICOM Viewer

Plan: Patch
CVSS: 8.8
Source: ICS-CERT ICSMA-24-163-01
Published: Jun 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

MicroDicom DICOM Viewer versions prior to 2024.2 contain a stack-based buffer overflow (CWE-121) and an improper access control vulnerability (CWE-939). These flaws allow an attacker to retrieve and plant medical image files on a victim's system and execute arbitrary code, potentially leading to disclosure of sensitive patient information and compromise of imaging systems. The vulnerabilities are triggered when a user opens a crafted DICOM image file.

What this means
What could happen
An attacker could exploit these vulnerabilities to extract medical images and patient data from a DICOM viewer, or execute arbitrary code on the system by sending a crafted image file. This could expose sensitive medical records and compromise the integrity of diagnostic imaging systems.
Who's at risk
Healthcare organizations that operate medical imaging systems and use MicroDicom DICOM Viewer for diagnostic image review, including hospitals, clinics, and radiology departments that rely on this viewer for patient care workflows.
How it could be exploited
An attacker sends a maliciously crafted DICOM image file (e.g., via email, web, or network share) to a user. When the user opens the file in MicroDicom DICOM Viewer, the stack-based buffer overflow is triggered, allowing the attacker to execute code or read files from the system.
Prerequisites
  • User must open a crafted DICOM image file in MicroDicom DICOM Viewer (requires user interaction)
  • DICOM Viewer version prior to 2024.2 must be installed
  • Remotely exploitable
  • Low complexity attack
  • User interaction required
  • No patch available (product end-of-life)
  • Affects medical device/healthcare system
  • DICOM files commonly shared via email and network transfer
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product        | Affected Versions | Fix Status
DICOM Viewer   | <2024.2           | Fixed in 2024.2
Remediation & Mitigation
Do now
WORKAROUND: Disable the ability to open DICOM files from untrusted sources; restrict file opening to known, validated sources only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade MicroDicom DICOM Viewer to version 2024.2 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate diagnostic imaging systems from the general business network and the internet
HARDENING: Train users not to open unsolicited DICOM files or email attachments from unknown senders
HARDENING: If remote access to DICOM viewers is required, use a VPN with current security patches and strong authentication
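One way to find workstations that still run an affected build before scheduling the upgrade, as an added PowerShell example that is not part of the advisory or of MicroDicom's own tooling: it assumes the viewer registers under the standard Windows Uninstall registry keys with a DisplayName containing "MicroDicom" and a numeric DisplayVersion such as "2024.1" (the exact key name is not given by the advisory).

```powershell
# Added example: report MicroDicom DICOM Viewer installs below the fixed
# release 2024.2 (ICSMA-24-163-01). Assumes the product appears under the
# standard Uninstall keys with a DisplayName containing "MicroDicom".
$FixedVersion = [version]'2024.2'

$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-MicroDicomInstalls {
    Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*MicroDicom*' } |
        ForEach-Object {
            # Keep only the leading dotted numeric part; installers sometimes
            # append build tags that [version] cannot parse.
            $raw    = [string]$_.DisplayVersion
            $parsed = $null
            if ($raw -match '^\d+(\.\d+)+') { $parsed = [version]$Matches[0] }
            [pscustomobject]@{
                DisplayName    = $_.DisplayName
                DisplayVersion = $raw
                Version        = $parsed
                # An unparseable version is treated as affected until verified.
                Vulnerable     = ($null -eq $parsed) -or ($parsed -lt $FixedVersion)
                RegistryKey    = $_.PSPath
            }
        }
}

$installs = @(Get-MicroDicomInstalls)
if ($installs.Count -eq 0) {
    Write-Output 'MicroDicom DICOM Viewer not found under the Uninstall registry keys.'
} else {
    $installs | Format-Table DisplayName, DisplayVersion, Vulnerable -AutoSize
    $affected = @($installs | Where-Object Vulnerable)
    if ($affected.Count -gt 0) {
        Write-Warning ("{0} install(s) below {1}: schedule the upgrade to 2024.2 or later." -f $affected.Count, $FixedVersion)
        exit 1
    }
}
```

Run it with an elevated shell on each imaging workstation, or wrap it in your endpoint-management tool's script runner, and treat a non-zero exit as an open remediation item.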