MicroDicom DICOM Viewer
Plan Patch | CVSS 8.8 | ICS-CERT ICSMA-25-121-01 | May 1, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
MicroDicom DICOM Viewer contains a buffer overflow vulnerability (CWE-787) and out-of-bounds read vulnerability (CWE-125) in how it processes DICOM image files. These vulnerabilities could allow an attacker to disclose sensitive information, cause memory corruption, and execute arbitrary code on a system running the vulnerable viewer. The issues affect DICOM Viewer versions 2025.1_Build_3321 and earlier. MicroDicom recommends updating to version 2025.2 or later.
What this means
What could happen
An attacker could exploit these vulnerabilities via a malicious DICOM file to execute arbitrary code on an operator's workstation, potentially accessing patient data, corrupting medical imaging data, or disrupting diagnostic workflows.
Who's at risk
Healthcare facilities and medical imaging departments using MicroDicom DICOM Viewer on diagnostic workstations. This affects radiologists, medical technicians, and clinical staff who view medical images for diagnosis and treatment planning. Any facility relying on DICOM image analysis for patient care decisions is affected.
How it could be exploited
An attacker crafts a malicious DICOM medical image file with buffer overflow or out-of-bounds read payloads. The file is sent to or accessed by an operator running DICOM Viewer. When the operator opens the file, the vulnerabilities are triggered, allowing code execution on the workstation with the operator's privileges.
Prerequisites
- User must open a malicious DICOM file in the vulnerable DICOM Viewer application
- File must be delivered to the operator (via email, network share, or removable media)
- Operator must be running DICOM Viewer version 2025.1_Build_3321 or earlier
Risk factors
- remotely exploitable via malicious file
- low complexity attack
- user interaction required (must open file)
- high CVSS score (8.8)
- affects data confidentiality and integrity
- high impact on medical operations
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product: DICOM Viewer
Affected Versions: ≤ 2025.1 Build 3321
Fix Status: 2025.2 or later
Remediation & Mitigation
Do now
HARDENING: Restrict access to DICOM Viewer to authorized personnel only and limit file import sources to trusted PACS systems and validated imaging devices
WORKAROUND: Implement email gateway controls to block or quarantine DICOM files from untrusted senders
HARDENING: Educate operators to verify the source of DICOM files before opening them, especially from email or removable media
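To support the email-gateway workaround above, here is an added example (not MicroDicom's or the advisory's code) that identifies DICOM attachments by content rather than by file extension and quarantines them when the sender is untrusted; it also goes beyond the advisory by catching attachments renamed to a non-DICOM extension. It assumes the standard DICOM Part 10 layout: a 128-byte preamble followed by the "DICM" marker and a File Meta Information group encoded as explicit VR little endian; the sample header is constructed, not a real study.

```python
import struct

PREAMBLE_LEN = 128            # DICOM Part 10: 128-byte preamble, then "DICM"
MAGIC = b"DICM"
DICOM_EXTENSIONS = (".dcm", ".dicom", ".dic")


def is_dicom_part10(data: bytes) -> bool:
    """True if the bytes carry the Part 10 preamble followed by the DICM marker."""
    end = PREAMBLE_LEN + len(MAGIC)
    return len(data) >= end and data[PREAMBLE_LEN:end] == MAGIC


def first_meta_tag(data: bytes):
    """(group, element) of the first File Meta element after DICM, or None.
    File Meta elements are explicit VR little endian; a well-formed file opens
    with (0002,0000) File Meta Information Group Length."""
    start = PREAMBLE_LEN + len(MAGIC)
    if not is_dicom_part10(data) or len(data) < start + 4:
        return None
    return struct.unpack("<HH", data[start:start + 4])


def classify_attachment(filename: str, data: bytes, trusted_sender: bool) -> str:
    """Gateway decision for one attachment: 'quarantine' or 'allow'.

    Anything that looks like DICOM by content OR by extension is quarantined
    unless the sender is trusted. The content check catches files renamed to
    .jpg/.pdf; the extension check covers raw DICOM datasets written without
    the preamble, which the magic-byte test cannot see.
    """
    looks_dicom = is_dicom_part10(data) or filename.lower().endswith(DICOM_EXTENSIONS)
    if looks_dicom and not trusted_sender:
        return "quarantine"
    return "allow"


def sample_dicom_header() -> bytes:
    """Constructed minimal Part 10 header: preamble, DICM, and one
    (0002,0000) UL element with value 0. Not a real study."""
    return (b"\x00" * PREAMBLE_LEN + MAGIC
            + struct.pack("<HH", 0x0002, 0x0000) + b"UL" + struct.pack("<H", 4)
            + struct.pack("<I", 0))


if __name__ == "__main__":
    hdr = sample_dicom_header()
    print(classify_attachment("scan.jpg", hdr, trusted_sender=False))   # quarantine
    print(classify_attachment("scan.dcm", hdr, trusted_sender=True))    # allow
```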
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Update DICOM Viewer to version 2025.2 or later
Long-term hardening
HARDENING: Isolate diagnostic imaging workstations from general business networks to reduce exposure if compromise occurs
CVEs (2)