Santesoft Sante DICOM Viewer Pro
CVSS 7.8 · ICS-CERT ICSMA-25-079-01 · Mar 20, 2025
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Sante DICOM Viewer Pro versions 14.1.2 and earlier contain a memory corruption vulnerability (CWE-787) that could allow an attacker to execute arbitrary code on a local system where the application is running. The vulnerability requires user interaction (opening a malicious file) to trigger. No remote exploitation is possible.
What this means
What could happen
An attacker could execute arbitrary code on a computer running the vulnerable DICOM viewer, potentially compromising medical imaging workflows or enabling lateral movement into hospital and clinic networks if the device is connected to clinical IT systems.
Who's at risk
Medical facilities, diagnostic imaging centers, and healthcare IT staff who use Sante DICOM Viewer Pro for reviewing diagnostic images. This includes radiologists, imaging technicians, PACS administrators, and any clinical staff interacting with DICOM files. Particular concern if the viewer runs on systems connected to medical networks or hospital IT infrastructure.
How it could be exploited
An attacker crafts a malicious DICOM file and tricks a user into opening it in the vulnerable viewer. When opened, the crafted file triggers memory corruption, allowing the attacker to execute arbitrary code with the privileges of the user running the application. The vulnerability requires local access and user action—it cannot be exploited remotely.
Prerequisites
- Sante DICOM Viewer Pro version 14.1.2 or earlier installed on the target system
- User must open a malicious DICOM file in the viewer
- Social engineering or a file delivery mechanism (email, USB, file share) needed to deliver the malicious file
- Memory corruption flaw (CWE-787) leading to code execution
- User interaction required but relatively easy social engineering target
- If installed on networked clinical systems, could enable pivoting to healthcare networks
- Affects medical imaging workflow
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product: Sante DICOM Viewer Pro
Affected Versions: ≤ 14.1.2
Fix Status: 14.2.0+
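An inventory check built around the advisory's version boundaries, added here as an example (not code from the advisory or from Santesoft). It assumes a constructed list of hostnames and installed versions and reports which hosts still need the 14.2.0 update; versions that fall between the affected ceiling and the fixed floor are reported separately rather than assumed safe.

```python
"""Classify installed Sante DICOM Viewer Pro versions against ICSMA-25-079-01.

Added example, not part of the advisory. The inventory below is constructed.
"""
from typing import Dict, List, Tuple

AFFECTED_MAX = (14, 1, 2)   # "14.1.2 and earlier" per the advisory
FIXED_MIN = (14, 2, 0)      # fix status "14.2.0+" per the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '14.1.2' or '14.2' into a comparable integer tuple.

    Raises ValueError on anything that is not dotted integers so that a
    malformed inventory entry is surfaced instead of silently passing.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    if not parts:
        raise ValueError(f"empty version string: {text!r}")
    return parts


def classify(version_text: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one installed version.

    Only major.minor.patch is compared, so a build like 14.1.2.7 is still
    treated as 14.1.2 (affected): the conservative reading for a defender.
    """
    v = parse_version(version_text)
    v3 = (v + (0, 0, 0))[:3]          # pad short versions, drop build numbers
    if v3 <= AFFECTED_MAX:
        return "affected"
    if v3 >= FIXED_MIN:
        return "fixed"
    return "unknown"   # e.g. 14.1.3: in neither range the advisory states


def audit(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group (host, version) pairs by classification, preserving order."""
    report: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("rad-ws-01", "14.1.2"),
    ("rad-ws-02", "13.9.0"),
    ("rad-ws-03", "14.2.0"),
    ("pacs-admin-01", "14.1.2.7"),
    ("rad-ws-04", "14.1.3"),
    ("rad-ws-05", "15.0"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:8s}: {', '.join(hosts) or '-'}")
```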
Remediation & Mitigation
Do now
WORKAROUND: Educate users not to open DICOM files from untrusted sources or unexpected email attachments, especially if the sender is not known
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption
HOTFIX: Update Sante DICOM Viewer Pro to version 14.2.0 or later on all systems running vulnerable versions
Long-term hardening
HARDENING: If DICOM viewer systems are connected to clinical networks, implement network segmentation to isolate imaging workstations from critical medical devices and EHR systems
HARDENING: Restrict file sharing and removable media (USB drive) access on systems running the DICOM viewer to reduce the attack surface for malicious file delivery
CVEs (1)