Varex Imaging Panoramic Dental Imaging Software
Plan Patch | 7.8 | ICS-CERT ICSMA-25-345-02 | Dec 11, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Varex Imaging Panoramic Dental Imaging Software versions before 6.6.1.490 contain an insecure file handling vulnerability (CWE-427) that allows a standard user to escalate privileges to SYSTEM level on the local workstation. This vulnerability is exploitable only via local access and cannot be exploited remotely. Varex Imaging has released a software patch to address this issue.
What this means
What could happen
An authenticated user on a workstation running Panoramic Dental Imaging Software could escalate privileges to SYSTEM level, allowing them to take full control of that computer and potentially access or modify patient imaging data and system configurations.
Who's at risk
Dental imaging facilities using Varex Imaging Panoramic Dental Imaging Software should prioritize this update. The vulnerability affects any workstation running the software and could be exploited by any staff member with local access, including clinical and administrative users.
How it could be exploited
An attacker with a standard user account on a workstation running a vulnerable version of Panoramic Dental Imaging Software (any version before 6.6.1.490) can exploit an insecure file handling issue to escalate privileges to NT AUTHORITY\SYSTEM, gaining administrative control of the machine.
Prerequisites
- Standard user account on a workstation running Panoramic Dental Imaging Software version before 6.6.1.490
- Local access to the affected workstation
- Low complexity exploit
- No authentication required for privilege escalation after initial access
- Affects confidentiality and integrity of patient imaging data
- Default configurations likely vulnerable
Exploitability
Moderate exploit probability (EPSS 3.6%)
Affected products (1)
Product: Panoramic Dental Imaging Software
Affected Versions: <6.6.1.490
Fix Status: 6.6.1.490 or later (available via AJAT_DENTAL_IMAGING_9.4.55.9888.exe patch)
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Download and install the Panoramic Dental Imaging Software patch (AJAT_DENTAL_IMAGING_9.4.55.9888.exe) from Varex Imaging on all affected workstations
Long-term hardening
HARDENING: Restrict user account privileges on workstations to the minimum required for normal operation, enforcing standard user accounts rather than administrator access
HARDENING: Ensure workstations running Panoramic Dental Imaging Software are isolated behind firewalls and not directly accessible from the internet or guest networks
CVEs (1)