FUJIFILM Healthcare Americas Synapse Mobility

Monitor | CVSS 4.3 | ICS-CERT ICSMA-25-233-01 | Aug 21, 2025
Healthcare
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Synapse Mobility contains an access control vulnerability that could allow an authenticated user with assigned credentials to access information and images beyond their assigned roles and permissions through the search function. The vulnerability affects versions prior to 8.2 and is caused by insufficient access controls on search functionality within the application.

What this means
What could happen
An attacker with valid login credentials could access patient medical imaging data and information they are not authorized to view, potentially leading to privacy breaches or exposure of sensitive healthcare records.
Who's at risk
Healthcare organizations using FUJIFILM Synapse Mobility for medical image archival and retrieval, including radiologists, clinicians, administrators, and IT staff managing imaging systems. This affects any hospital, imaging center, or healthcare network that relies on Synapse Mobility for managing patient medical imaging data.
How it could be exploited
An attacker must first obtain valid Synapse Mobility user credentials (e.g., from an employee account). They would then log into the application and use the search function to query for medical images or patient records outside their assigned access scope. Without proper role-based access controls on search results, the attacker could retrieve unauthorized data.
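The failure mode described above, as an added example that is not FUJIFILM's code and does not reflect the product's internals: a simplified model in which direct retrieval enforces role scope but the search path does not, next to the corrected search. All names, the department-based scope model, and the sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: study records tagged with the owning department.
@dataclass(frozen=True)
class Study:
    accession: str
    patient: str
    department: str

STUDIES = [
    Study("ACC-1001", "DOE^JANE", "cardiology"),
    Study("ACC-1002", "ROE^RICHARD", "oncology"),
    Study("ACC-1003", "DOE^JOHN", "oncology"),
]

# Hypothetical role assignments: departments each user may view.
USER_SCOPE = {
    "cardio_tech": {"cardiology"},
    "onc_reader": {"oncology"},
}

def is_authorized(user, study):
    """Single policy decision, meant to be reused by every read path."""
    return study.department in USER_SCOPE.get(user, set())

def open_study(user, accession):
    """Direct retrieval (assumed in this model to enforce the role check)."""
    for s in STUDIES:
        if s.accession == accession:
            if not is_authorized(user, s):
                raise PermissionError(accession)
            return s
    raise KeyError(accession)

def search_unscoped(user, term):
    """Flawed pattern: caller is authenticated, but hits ignore their scope."""
    return [s for s in STUDIES if term.lower() in s.patient.lower()]

def search_scoped(user, term):
    """Corrected pattern: apply the same policy to every hit before returning."""
    return [s for s in search_unscoped(user, term) if is_authorized(user, s)]

def out_of_scope_hits(user, term):
    """Regression check: accessions the unscoped search exposes to this user."""
    return [s.accession for s in search_unscoped(user, term)
            if not is_authorized(user, s)]
```

A check like `out_of_scope_hits` is useful in an authorization test suite: it should return an empty list for every user and term once search shares the policy used by the other read paths.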
Prerequisites
  • Valid Synapse Mobility user account credentials
  • Network access to the Synapse Mobility application
  • Search function enabled in the system configuration
  • Requires authentication (insider threat risk)
  • Affects healthcare systems and patient privacy
  • Affects authorization controls
  • Low CVSS score indicates limited scope
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Synapse Mobility: <8.2 | <8.2 | 8.2+
Remediation & Mitigation
Do now
WORKAROUND: Disable the search function in Synapse Mobility configurator settings
WORKAROUND: Uncheck the 'Allow plain text accession number' setting in the admin security section to disable search across all users and restrict access to SecureURL-based queries only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Synapse Mobility to version 8.2 or later
HOTFIX: For versions 8.0–8.1.1, apply available patches released by FUJIFILM Healthcare Americas
Long-term hardening
HARDENING: Limit network access to Synapse Mobility to authorized staff only; do not expose the application to the internet
API: /api/v1/advisories/f0c5e703-0676-4b23-b1df-36fc471b998d
