Medixant RadiAnt DICOM Viewer

CVSS 5.7 | ICS-CERT ICSMA-25-051-01 | Feb 20, 2025
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

RadiAnt DICOM Viewer versions 2024.02 and earlier contain an SSL/TLS certificate validation vulnerability (CWE-295) that allows an attacker positioned to perform a machine-in-the-middle (MITM) attack to intercept the software's automatic update mechanism and deliver malicious updates to the user's system.

What this means
What could happen
An attacker on the local network or at an intermediate network hop could intercept RadiAnt's update check and substitute their own installer. Because the package runs with the privileges of the user who accepts the update, this compromises the diagnostic workstation and potentially the integrity of the medical images reviewed on it and of the clinical decisions that depend on them.
Who's at risk
Healthcare facilities and diagnostic imaging centers using RadiAnt DICOM Viewer for reviewing medical images (CT, MRI, X-ray) on workstations. Particularly relevant if RadiAnt is deployed on networked clinical workstations or shared imaging review stations where an attacker could position a MITM attack on hospital or clinic network infrastructure.
How it could be exploited
The attacker must be positioned on the network path between the RadiAnt user's workstation and Medixant's update servers, which requires network-level access obtained through ARP spoofing, DNS hijacking, or compromised network infrastructure. When RadiAnt checks for updates, the attacker terminates the HTTPS connection with a certificate of their own; because RadiAnt does not validate the server certificate (CWE-295), the forged certificate is accepted and the attacker can return a malicious update package, which is then installed when the user accepts the update prompt.
Prerequisites
  • Network access to the user's workstation (same local network or a compromised network segment on the path to the update servers)
  • RadiAnt automatic update check enabled (the default state)
  • User interaction: the user accepts the update prompt that RadiAnt shows when the (attacker-controlled) update check reports a new version, whether the check was started manually or fired automatically
Tags: no authentication required for update acceptance; low attack complexity; affects medical imaging workflow; default configuration vulnerable
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
RadiAnt DICOM Viewer | 2024.02 and earlier | fixed in 2025.1
Remediation & Mitigation
Do now
WORKAROUND: Disable automatic update checks by running: reg add "HKCU\Software\RadiAnt Viewer" /t REG_DWORD /v CheckUpdate /d 0 /f (the key is under HKCU, so apply it in every user profile that runs RadiAnt on the workstation, not once per machine)
WORKAROUND: Download and install RadiAnt updates only from https://www.radiantviewer.com in a web browser, not through in-application update prompts
WORKAROUND: Scan any downloaded RadiAnt installation package with antivirus software before execution, and check its digital signature where the publisher provides one; a scan alone will not reliably catch a purpose-built installer delivered over an intercepted connection
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update RadiAnt DICOM Viewer to version 2025.1 or later
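To decide which of the actions above applies to each workstation, the following added script (not part of this advisory or of RadiAnt) triages an inventory export against the affected range and the workaround state. The inventory format (hostname, installed version, CheckUpdate value) and the rows in it are constructed for illustration; the CheckUpdate column stands for the HKCU\Software\RadiAnt Viewer\CheckUpdate DWORD named in the workaround, and an empty cell means the value is absent, which is treated as the default of automatic update checks enabled.

```python
"""Triage RadiAnt DICOM Viewer workstations against ICSMA-25-051-01.

Added example, not part of the OTPulse page or of RadiAnt itself. The
inventory layout and the sample rows below are constructed; the CheckUpdate
column mirrors the HKCU\\Software\\RadiAnt Viewer\\CheckUpdate DWORD from the
workaround (absent value = default = automatic update check enabled).
"""

LAST_AFFECTED = "2024.02"   # versions 2024.02 and earlier are affected
FIXED_IN = "2025.1"

PATCHED = "patched"
WORKAROUND_NOW = (f"vulnerable, auto-update on: set CheckUpdate=0 now, "
                  f"then schedule {FIXED_IN}")
SCHEDULE_PATCH = (f"vulnerable, auto-update off: schedule {FIXED_IN} "
                  f"in a maintenance window")

# Constructed inventory export: hostname, installed version, CheckUpdate value.
INVENTORY = """\
hostname,version,CheckUpdate
ct-review-01,2024.02,1
mri-read-02,2023.1,0
xray-station-03,2025.1,1
er-viewer-04,2024.02,
"""


def parse_version(s):
    """RadiAnt versions read YEAR.RELEASE (2024.02, 2025.1).

    Compare numerically, not as strings, so that 2024.1 sorts below 2024.02
    and both sort below 2025.1.
    """
    year, release = s.strip().split(".", 1)
    return (int(year), int(release))


def is_affected(version):
    """True for every version at or below the last affected release."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def auto_update_enabled(check_update):
    """Only an explicit 0 disables the check; a missing value is the default (on)."""
    return check_update.strip() != "0"


def triage(inventory_text):
    """Map each hostname to the remediation action the advisory calls for."""
    result = {}
    for line in inventory_text.strip().splitlines()[1:]:   # skip header row
        host, version, check_update = line.split(",")
        if not is_affected(version):
            result[host] = PATCHED
        elif auto_update_enabled(check_update):
            result[host] = WORKAROUND_NOW
        else:
            result[host] = SCHEDULE_PATCH
    return result


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts flagged for the workaround are the ones still exposed through the default configuration; disabling the check buys time, but every affected host still needs the 2025.1 upgrade scheduled.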
Long-term hardening
HARDENING: Segment medical imaging workstations onto a dedicated VLAN with restricted access to external networks, and implement network monitoring to detect MITM indicators
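One concrete MITM indicator on the imaging VLAN is ARP poisoning, the positioning technique named under "How it could be exploited". The following added check (not part of this advisory or of RadiAnt) parses a Windows `arp -a` dump from a workstation and reports two signs of it: the default gateway's hardware address drifting from a recorded baseline, and one hardware address answering for several IP addresses. The ARP output and the gateway baseline are constructed sample data, not captures from a real network.

```python
"""Spot ARP-layer MITM indicators in a Windows `arp -a` dump.

Added example for the hardening item above; not part of the OTPulse page or
of RadiAnt. The ARP dump and the gateway baseline are constructed.
"""
import re

# Constructed `arp -a` output from an imaging workstation. 10.20.5.1 is the
# default gateway; 10.20.5.99 is a second host that has started answering
# with the same hardware address, as happens during ARP spoofing.
ARP_DUMP = """\
Interface: 10.20.5.17 --- 0xb
  Internet Address      Physical Address      Type
  10.20.5.1             00-0c-29-aa-bb-cc     dynamic
  10.20.5.23            00-50-56-11-22-33     dynamic
  10.20.5.99            00-0c-29-aa-bb-cc     dynamic
  10.20.5.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Known-good gateway MAC recorded when the VLAN was commissioned (assumed).
GATEWAY_BASELINE = {"10.20.5.1": "00-50-56-a1-b2-c3"}

# One ARP table row: IPv4 address, dash-separated MAC, entry type.
ARP_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return (ip, mac, type) tuples; header and interface lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def detect_mitm_indicators(text, baseline):
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    # Static entries are broadcast/multicast placeholders, not learned neighbours.
    entries = [e for e in parse_arp(text) if e[2] == "dynamic"]

    # Indicator 1: a baselined gateway now resolves to a different MAC.
    for ip, mac, _ in entries:
        expected = baseline.get(ip)
        if expected and mac != expected.lower():
            findings.append(
                f"gateway {ip} resolves to {mac}, baseline is {expected.lower()}")

    # Indicator 2: one MAC claims several IP addresses (poisoned entries).
    by_mac = {}
    for ip, mac, _ in entries:
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    for finding in detect_mitm_indicators(ARP_DUMP, GATEWAY_BASELINE):
        print("ALERT:", finding)
```

Treat a hit as a lead to investigate rather than proof: routers doing proxy ARP and hosts with several addresses on one interface also produce a MAC that answers for multiple IPs, so the baseline comparison on the gateway is the stronger of the two signals. Running the check from the workstation side complements switch-level protections such as dynamic ARP inspection.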