
Multiple Vulnerabilities in Santesoft Sante Medical Software

The vulnerabilities affect Santesoft Sante FFT Imaging and DICOM Viewer Pro




Threat details

Introduction

Santesoft have reported multiple vulnerabilities in their Sante FFT Imaging and DICOM Viewer Pro products. One vulnerability affects Sante FFT Imaging and could allow an attacker to execute arbitrary code.

Two vulnerabilities affect Sante DICOM Viewer Pro, both of which could also be leveraged by an attacker in order to execute arbitrary code.


Vulnerability details

  • CVE-2023-5059 - CWE-125 - Out-of-bounds Read

The affected application, Sante FFT Imaging, lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2023-39431 - CWE-787 - Out-of-bounds Write

Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2023-35986 - CWE-121 - Stack-based Buffer Overflow

Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
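All three entries above describe the same root cause: a length taken from the DICOM file is trusted before it is checked against the buffer that actually holds the data. As an added example (not Santesoft's code and not part of the advisory), the following hypothetical parser for the short form of an explicit VR little endian data element shows the two checks a viewer needs: the declared value must fit inside the input buffer (otherwise an out-of-bounds read), and a value copied into a fixed-size buffer must fit that buffer (otherwise an out-of-bounds write or stack-based overflow). The sample datasets are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical hardened parser for a DICOM data element in explicit VR little
 * endian, short-VR form only: tag (4 bytes) + VR (2) + length (2) + value. */
typedef struct {
    uint16_t group, element, length;  /* tag (gggg,eeee) and declared value length */
    char vr[3];                       /* two-letter value representation, NUL terminated */
    const uint8_t *value;             /* points into the caller's buffer */
} dicom_elem_t;
static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
/* Parse one element at offset 'off'. Returns bytes consumed, or 0 when the header or
 * the declared value would run past the buffer end (CWE-125 if this is not checked). */
size_t parse_element(const uint8_t *buf, size_t buflen, size_t off, dicom_elem_t *out)
{
    if (off > buflen || buflen - off < 8) return 0;   /* header must fit */
    const uint8_t *p = buf + off;
    uint16_t len = rd16le(p + 6);
    if ((size_t)len > buflen - off - 8) return 0;      /* value must fit: the missing check */
    out->group = rd16le(p);  out->element = rd16le(p + 2);
    memcpy(out->vr, p + 4, 2);  out->vr[2] = '\0';
    out->length = len;  out->value = p + 8;
    return 8 + (size_t)len;
}
/* Copy a text value into a fixed-size (e.g. stack) buffer. Rejects values that do
 * not fit instead of writing past the end (CWE-787 / CWE-121 if this is not checked). */
int copy_text_value(const dicom_elem_t *e, char *dst, size_t dstlen)
{
    if (dstlen == 0 || (size_t)e->length >= dstlen) return -1;
    memcpy(dst, e->value, e->length);
    dst[e->length] = '\0';
    return 0;
}
/* Walk a dataset: number of well-formed elements, or -1 at the first malformed one. */
int count_elements(const uint8_t *buf, size_t buflen)
{
    dicom_elem_t e;  int n = 0;
    for (size_t off = 0; off < buflen; n++) {
        if (parse_element(buf, buflen, off, &e) == 0) return -1;
        off += 8 + (size_t)e.length;   /* same size parse_element reported */
    }
    return n;
}
/* Constructed sample datasets, not taken from the advisory. */
const uint8_t good_ds[] = {
    0x10,0x00,0x10,0x00,'P','N',0x06,0x00,'D','O','E','^','J','O', /* (0010,0010) PN "DOE^JO" */
    0x10,0x00,0x20,0x00,'L','O',0x04,0x00,'1','2','3','4'          /* (0010,0020) LO "1234" */
};
const uint8_t bad_ds[] = { 0x10,0x00,0x10,0x00,'P','N',0x00,0x01,'D','O','E' }; /* claims 256 bytes, holds 3 */
```

A fuzzer feeding truncated or oversized length fields to `parse_element` and `copy_text_value` is the quickest regression check that both rejections stay in place.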


Remediation advice

Affected organisations are encouraged to review the relevant CISA advisories ICSMA-23-285-02 and ICSMA-23-285-01.

Santesoft have released updated versions of their products and recommend that users update Sante FFT Imaging to v1.4.1 and Sante DICOM Viewer Pro to v12.2.6.

CISA recommends users take defensive measures to minimise the risk of exploitation of these vulnerabilities, such as:

  • Minimise network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognising that VPNs may have vulnerabilities and should be updated to the most current version available, and that a VPN is only as secure as the devices connected to it.
  • Do not click web links or open attachments in unsolicited email messages.


Last edited: 13 October 2023 3:22 pm