Varex Imaging Panoramic Dental Imaging Software

Plan Patch | CVSS 7.8 | ICS-CERT ICSMA-25-345-02 | Dec 11, 2025
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Panoramic Dental Imaging Software versions prior to 6.6.1.490 contain a privilege escalation vulnerability (CWE-427) that allows a standard user to obtain NT Authority/SYSTEM privileges. The vulnerability requires local access to a workstation running the software and is not remotely exploitable.

What this means
What could happen
A standard user on a workstation running Panoramic Dental Imaging Software could gain system-level privileges, allowing them to install malware, modify system settings, or disrupt the imaging system's operation.
Who's at risk
This vulnerability affects dental imaging software used in dental practices and clinics. The impact is limited to users with local access to workstations running Panoramic Dental Imaging Software, making it a concern primarily for practices where physical workstation security is weak or staff access controls are loose.
How it could be exploited
An attacker with local access to a workstation running the vulnerable software could escalate their user privileges to NT Authority/SYSTEM. This requires the attacker to already have a user account or the ability to log in locally to the machine.
Prerequisites
  • Local access to a workstation running a Panoramic Dental Imaging Software version prior to 6.6.1.490
  • A standard user account on the affected workstation
local attack vector, low complexity, standard user privileges required, privilege escalation to SYSTEM level
Exploitability
Some exploitation risk — EPSS score 3.6%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (1)
Product | Affected Versions | Fix Status
Panoramic Dental Imaging Software: <6.6.1.490 | <6.6.1.490 | 6.6.1.490+ (available via AJAT_DENTAL_IMAGING_9.4.55.9888.exe patch)
Remediation & Mitigation
Do now
HARDENING: Restrict local access to workstations running Panoramic Dental Imaging Software to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Panoramic Dental Imaging Software to version 6.6.1.490 or later by running the patch file AJAT_DENTAL_IMAGING_9.4.55.9888.exe on each affected workstation
Long-term hardening
HARDENING: Implement account access controls to limit standard user privileges on workstations running the software