MicroDicom DICOM Viewer
CVSS 5.7 · ICS-CERT ICSMA-25-037-01 · Feb 6, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
MicroDicom DICOM Viewer versions up to 2024.03 are vulnerable to machine-in-the-middle attacks because the viewer does not properly authenticate the server it connects to. An attacker on the local network can intercept and alter DICOM image data and metadata in transit without detection. The weakness is classified as CWE-295 (Improper Certificate Validation). MicroDicom has released version 2025.1 as a fix.
What this means
What could happen
An attacker on the same network could intercept and alter traffic between the DICOM Viewer and the imaging server, potentially causing display of incorrect medical images or blocking access to critical diagnostic data.
Who's at risk
Hospital IT managers and medical imaging departments using MicroDicom DICOM Viewer for reviewing patient imaging (X-ray, CT, MRI, ultrasound). Critical for diagnostic workflows in emergency departments, imaging centers, and specialty clinics.
How it could be exploited
An attacker positioned on the local network (same subnet or VLAN) performs a machine-in-the-middle attack by intercepting unencrypted DICOM communications. The attacker can modify image data or metadata in transit without the viewer detecting the tampering because the application does not properly validate the authenticity of the server connection.
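The cleartext association request described above is easy to recognise on the wire, which lets a defender inventory viewers that still connect to imaging servers without TLS. The following Python is added here as an illustration and is not part of the advisory or of MicroDicom's code: it builds a constructed A-ASSOCIATE-RQ PDU following the DICOM PS3.8 layout and parses it to flag plaintext DICOM associations; the AE titles PACS1 and MICRODICOM are assumed sample values.

```python
import struct

# Constructed sample input, not captured traffic. Layout follows the fixed
# 74-byte A-ASSOCIATE-RQ header in DICOM PS3.8 section 9.3.2, followed by
# one Application Context item (item type 0x10).
DICOM_APP_CONTEXT_UID = "1.2.840.10008.3.1.1.1"

def build_associate_rq(called_ae: str, calling_ae: str) -> bytes:
    """Build a minimal A-ASSOCIATE-RQ PDU (only used to create sample input)."""
    uid = DICOM_APP_CONTEXT_UID.encode("ascii")
    app_ctx_item = struct.pack(">BBH", 0x10, 0, len(uid)) + uid
    body = (
        struct.pack(">HH", 1, 0)                # protocol version 1, reserved
        + called_ae.ljust(16).encode("ascii")   # called AE title, space padded
        + calling_ae.ljust(16).encode("ascii")  # calling AE title
        + b"\x00" * 32                          # reserved
        + app_ctx_item
    )
    return struct.pack(">BBI", 0x01, 0, len(body)) + body

def parse_associate_rq(pdu: bytes):
    """Return AE titles and application context of a cleartext A-ASSOCIATE-RQ,
    or None when the bytes are not a well-formed one."""
    if len(pdu) < 74 or pdu[0] != 0x01:
        return None
    if struct.unpack(">I", pdu[2:6])[0] != len(pdu) - 6:   # PDU-length check
        return None
    if not struct.unpack(">H", pdu[6:8])[0] & 1:           # version bit 0 set
        return None
    called = pdu[10:26].decode("ascii", "replace").strip()
    calling = pdu[26:42].decode("ascii", "replace").strip()
    app_ctx, offset = None, 74
    while offset + 4 <= len(pdu):                # walk the variable items
        item_type, _, item_len = struct.unpack(">BBH", pdu[offset:offset + 4])
        item = pdu[offset + 4:offset + 4 + item_len]
        if item_type == 0x10:
            app_ctx = item.decode("ascii", "replace")
        offset += 4 + item_len
    return {"called_ae": called, "calling_ae": calling, "app_context": app_ctx}

def is_cleartext_dicom_association(payload: bytes) -> bool:
    """True when a client's first bytes are a plaintext DICOM association
    request rather than a TLS ClientHello (which starts 0x16 0x03 ...)."""
    info = parse_associate_rq(payload)
    return info is not None and info["app_context"] == DICOM_APP_CONTEXT_UID

SAMPLE_PDU = build_associate_rq("PACS1", "MICRODICOM")
SAMPLE_TLS_HELLO = bytes.fromhex("16030100050100000100")   # constructed stub
```

Feeding the first bytes of each new connection on the DICOM port into `is_cleartext_dicom_association` separates unprotected associations from TLS-wrapped ones.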
Prerequisites
- Local network access (same subnet/VLAN as the DICOM Viewer)
- No authentication required
- User interaction to trigger the connection (opening viewer or viewing images)
- Local network access required (not remotely exploitable)
- No authentication required
- Low attack complexity
- Affects diagnostic integrity (could impact patient care decisions)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
MicroDicom DICOM Viewer | 2024.03 | 2025.1
Remediation & Mitigation
Do now
WORKAROUND: If remote access to DICOM systems is required, use a VPN with current security patches
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption
HOTFIX: Upgrade MicroDicom DICOM Viewer to version 2025.1 or later
Long-term hardening
HARDENING: Isolate the medical imaging network (containing DICOM Viewer systems) from business networks and the internet using a firewall
HARDENING: Ensure DICOM Viewer systems are not internet-accessible and restrict them to hospital/facility networks only
CVEs (1)