MicroDicom Releases DICOM Viewer Software Update
Two vulnerabilities could allow an attacker to cause memory corruption issues leading to arbitrary code execution
Summary
Two vulnerabilities could allow an attacker to cause memory corruption issues leading to arbitrary code execution
Affected platforms
The following platforms are known to be affected:
- MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior
Threat details
Introduction
The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) Medical Advisory for two vulnerabilities found in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format.
CVE-2024-22100 is a heap-based buffer overflow vulnerability that could allow an attacker to execute arbitrary code if a user can be convinced to open a malicious DCM file. CVE-2024-25578 is an out-of-bounds write vulnerability that could result in memory corruption when exploited.
Vulnerability details
- CVE-2024-22100 - CWE-122 - Heap-based buffer overflow vulnerability
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability. This vulnerability has a CVSS v3.1 base score of 7.8.
- CVE-2024-25578 - CWE-787 - Out-of-bounds write vulnerability
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application. This vulnerability has a CVSS v3.1 base score of 7.8.
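Both entries describe the same root cause: a length taken from an attacker-controlled DCM file is used for a memory write without being checked. The advisory does not detail where in DICOM Viewer this happens, so the C below is an added illustration of the weakness classes, not MicroDicom's code and not a reconstruction of the actual defects. It reads one explicit-VR little-endian DICOM data element (tag, VR, declared length, value) in an unchecked form that trusts the declared length, beside a checked form that validates it before copying. The element layout follows the DICOM encoding; the buffer sizes, sample bytes and function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound on a single value this illustrative parser will allocate (assumption). */
#define MAX_VALUE_LEN (1u << 20)
/* Fixed heap buffer used by the unchecked parser, the CWE-122 shape (assumption). */
#define FIXED_VALUE_BUF 64

/* One explicit-VR little-endian data element as parsed from a DCM byte stream. */
typedef struct {
    uint16_t group;
    uint16_t element;
    char vr[3];
    uint32_t length;   /* value length as declared in the file: untrusted */
    uint8_t *value;    /* heap copy of the value bytes, owned by the caller */
} dcm_element;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VRs that carry two reserved bytes and a 4-byte length instead of a 2-byte length. */
static int has_long_length(const char *vr) {
    static const char *const long_vrs[] = {"OB", "OW", "SQ", "UN", "UT"};
    for (size_t i = 0; i < sizeof long_vrs / sizeof *long_vrs; i++)
        if (memcmp(vr, long_vrs[i], 2) == 0) return 1;
    return 0;
}

/* Decode tag, VR and declared length. Returns the header size, or 0 if n is too small. */
static size_t parse_header(const uint8_t *buf, size_t n, dcm_element *e) {
    if (n < 8) return 0;
    e->group = rd16(buf);
    e->element = rd16(buf + 2);
    memcpy(e->vr, buf + 4, 2);
    e->vr[2] = '\0';
    e->value = NULL;
    if (has_long_length(e->vr)) {
        if (n < 12) return 0;
        e->length = rd32(buf + 8);
        return 12;
    }
    e->length = rd16(buf + 6);
    return 8;
}

/* UNCHECKED: trusts the declared length. A length larger than FIXED_VALUE_BUF writes
 * past the heap chunk (CWE-122 / CWE-787); one larger than the remaining input also
 * reads past the file buffer. Shown only for the shape of the weakness; never call
 * it on untrusted data. */
int parse_element_unchecked(const uint8_t *buf, size_t n, dcm_element *e) {
    size_t hdr = parse_header(buf, n, e);
    if (hdr == 0) return -1;
    e->value = malloc(FIXED_VALUE_BUF);
    if (e->value == NULL) return -1;
    memcpy(e->value, buf + hdr, e->length);   /* no bound on e->length */
    return 0;
}

/* CHECKED: the declared length is validated against the bytes actually present and
 * against an allocation ceiling before any copy, and the buffer is sized to the value. */
int parse_element_checked(const uint8_t *buf, size_t n, dcm_element *e) {
    size_t hdr = parse_header(buf, n, e);
    if (hdr == 0) return -1;
    if (e->length > n - hdr) return -2;          /* claims more bytes than the input holds */
    if (e->length > MAX_VALUE_LEN) return -3;    /* refuse absurd allocations */
    e->value = malloc(e->length ? e->length : 1);
    if (e->value == NULL) return -1;
    memcpy(e->value, buf + hdr, e->length);
    return 0;
}

/* Constructed sample: (0010,0010) PN, declared length 6, value "DOE^JO". */
static const uint8_t SAMPLE_OK[] = {0x10, 0x00, 0x10, 0x00, 'P', 'N', 0x06, 0x00,
                                    'D', 'O', 'E', '^', 'J', 'O'};
/* Constructed sample: same element, but the declared length is 0xFFFF while only
 * 6 value bytes follow; this is the input the unchecked parser mishandles. */
static const uint8_t SAMPLE_BAD[] = {0x10, 0x00, 0x10, 0x00, 'P', 'N', 0xFF, 0xFF,
                                     'D', 'O', 'E', '^', 'J', 'O'};

/* Returns the parsed value length for the well-formed sample, or a negative code. */
int demo_ok(void) {
    dcm_element e;
    int rc = parse_element_checked(SAMPLE_OK, sizeof SAMPLE_OK, &e);
    if (rc != 0) return rc;
    int len = (int)e.length;
    free(e.value);
    return len;
}

/* Returns the rejection code the checked parser gives the malformed sample. */
int demo_bad(void) {
    dcm_element e;
    return parse_element_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &e);
}

int main(void) {
    printf("well-formed element: rc=%d (value length)\n", demo_ok());
    printf("oversized length:    rc=%d (rejected before copy)\n", demo_bad());
    return 0;
}
```

The checked variant bounds the length against the remaining input before it reaches `memcpy`, which is the validation the advisory says is missing; sizing the allocation to the validated length rather than to a fixed constant removes the second source of heap overflow. A real viewer would also need to handle undefined lengths (0xFFFFFFFF) for sequences and encapsulated pixel data, which this example deliberately leaves out.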
Remediation advice
Affected organisations are encouraged to review the CISA advisory ICSMA-24-060-01, which recommends updating MicroDicom DICOM Viewer to version 2024.1 and taking the following defensive actions to minimise the risk of exploitation of these vulnerabilities:
- Minimise network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognising that VPNs may have vulnerabilities and should be updated to the most current version available. A VPN is only as secure as the devices connected to it.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 1 March 2024 4:15 pm