MicroDicom DICOM Viewer

Monitor | CVSS 5.7 | ICS-CERT ICSMA-25-037-01 | Feb 6, 2025
Transportation
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

MicroDicom DICOM Viewer version 2024.03 contains an improper certificate validation vulnerability (CWE-295) that allows an attacker on the same network segment to intercept and alter DICOM image traffic via a machine-in-the-middle attack. The vulnerability has a CVSS score of 5.7 (medium severity) and is not remotely exploitable. MicroDicom has released a fix in version 2025.1.

What this means
What could happen
An attacker positioned on the network could intercept and modify traffic between the DICOM Viewer and medical imaging servers, potentially altering diagnostic images or interrupting image transfer in transportation environments that rely on medical imaging for passenger or cargo screening.
Who's at risk
Transportation security operations that rely on medical imaging for screening (passenger health checks, biological threat detection in cargo). Any organization using MicroDicom DICOM Viewer version 2024.03 for medical image processing and analysis.
How it could be exploited
An attacker must be on the same local network segment as the DICOM Viewer (same switch, Wi-Fi network, or adjacent network). They perform a machine-in-the-middle attack by spoofing network traffic to intercept and alter DICOM image data traveling between the viewer and the imaging source. The user must interact with the viewer for the attack to succeed.
Prerequisites
  • Attacker presence on the same local network segment (LAN, Wi-Fi, or directly adjacent network)
  • User interaction with the DICOM Viewer application
  • Unencrypted or inadequately encrypted network communications between viewer and image server
low network complexity (same-LAN attack) | no authentication required | vulnerability requires user interaction | affects confidentiality and integrity of medical images
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
MicroDicom DICOM Viewer: 2024.03 | 2024.03 | 2025.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the DICOM Viewer workstation to trusted medical imaging servers only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update MicroDicom DICOM Viewer to version 2025.1 or later
Long-term hardening
HARDENING: Isolate medical imaging workstations from general business networks using network segmentation or a dedicated VLAN
HARDENING: Implement network encryption (TLS/SSL) for all DICOM communications if supported by your imaging infrastructure
API: /api/v1/advisories/926ba8b5-56d9-4bc2-a1e9-7cc4433baf8f


MicroDicom DICOM Viewer | CVSS 5.7 - OTPulse