MicroDicom Releases DICOM Viewer Software Update
One vulnerability could allow an attacker to retrieve and plant medical image files, and another could lead to arbitrary code execution
Summary
One vulnerability could allow an attacker to retrieve and plant medical image files, and another could lead to arbitrary code execution.
Affected platforms
The following platforms are known to be affected:
- MicroDicom DICOM Viewer, versions prior to 2024.2 (the version the CISA advisory recommends updating to)
Threat details
Attacks targeting MicroDicom users
NHS England National CSOC are aware of watering hole campaigns targeting MicroDicom users. Following the publication of CISA advisory ICSMA-24-163-01, threat actors are masquerading as the official MicroDicom download page and serving a fake installer that delivers malware. Organisations are strongly encouraged to verify all download links for software patches before installing anything, and to follow the Definitive Threat Updates link in our cyber alerts.
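As an added example of the "verify all download links" advice (this is not NHS England's or MicroDicom's code), the checks below refuse an installer unless the download URL is HTTPS, its host is on an allowlist after IDNA normalisation (so Unicode lookalike domains, extra subdomains and userinfo tricks such as `https://microdicom.com@evil.example/` all fail), and the file's SHA-256 matches a published value. The allowlisted host names are an assumption, since the page names no download URL; the sample installer bytes and their digest are constructed stand-ins.

```python
"""Download verification helpers: an added example, not the vendor's or NHS
England's code. Official host names are assumed; sample data is constructed."""
import hashlib
import hmac
import urllib.parse

# Assumed official hosts for illustration only; confirm against the vendor's site.
OFFICIAL_HOSTS = frozenset({"www.microdicom.com", "microdicom.com"})

# Constructed stand-in for an installer and its published SHA-256 (the digest
# of b"abc"); a real check compares against the vendor's published value.
SAMPLE_INSTALLER = b"abc"
SAMPLE_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def download_host_is_official(url: str, allowed_hosts=OFFICIAL_HOSTS) -> bool:
    """True only for https URLs whose host, after IDNA normalisation, is allowlisted.

    hostname already strips userinfo and port, so microdicom.com@evil.example
    resolves to evil.example; IDNA encoding turns a Cyrillic lookalike into an
    xn-- label that never matches the allowlist.
    """
    parts = urllib.parse.urlsplit(url)
    if parts.scheme.lower() != "https" or parts.hostname is None:
        return False
    try:
        host = parts.hostname.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return False
    return host in allowed_hosts


def installer_hash_matches(data: bytes, expected_sha256_hex: str) -> bool:
    """Compare the file digest with the published one in constant time."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, expected_sha256_hex.strip().lower())


def verify_download(url: str, data: bytes, expected_sha256_hex: str) -> list[str]:
    """Return the list of failed checks; an empty list means the download passed."""
    failures = []
    if not download_host_is_official(url):
        failures.append("host not on the official allowlist")
    if not installer_hash_matches(data, expected_sha256_hex):
        failures.append("SHA-256 does not match the published value")
    return failures


if __name__ == "__main__":
    print(verify_download("https://www.microdicom.com/downloads/",
                          SAMPLE_INSTALLER, SAMPLE_SHA256))
    print(verify_download("https://www.microdicom.com.evil.example/setup.exe",
                          b"tampered", SAMPLE_SHA256))
```

The hash check only helps when the expected digest comes from a channel the attacker does not control (the vendor's own site or the advisory), not from the same page that served the installer.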
Introduction
The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) Medical Advisory for two vulnerabilities found in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format.
CVE-2024-33606 is an 'improper authorisation in handler for custom URL scheme' (CWE-939) vulnerability with a CVSSv3 score of 8.8. If exploited, it could allow an attacker to retrieve sensitive files (medical images), plant new medical images, or overwrite existing ones.
CVE-2024-28877 is a stack-based buffer overflow (CWE-121) vulnerability with a CVSSv3 score of 8.8. If exploited, it could allow an attacker to execute arbitrary code.
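To illustrate the CWE-939 class behind CVE-2024-33606, here is an added example (not MicroDicom's code, and not the real handler's syntax) of a custom URL scheme handler that acts on whatever path the URL names, beside a version that authorises the request first. The scheme name `dicomviewer`, the `action?path=` layout and the image root directory are all assumptions for illustration.

```python
"""Custom URL scheme handler, vulnerable and hardened: an added example, not
MicroDicom's code. Scheme name, URL layout and image root are assumptions."""
import urllib.parse
from pathlib import Path

SCHEME = "dicomviewer"          # hypothetical; the page does not name the real scheme
READ_ONLY_ACTIONS = {"open"}    # the only actions a web page may trigger


def _parse(url: str) -> tuple[str, str]:
    """Split dicomviewer://<action>?path=<file> into (action, path)."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != SCHEME:
        raise ValueError(f"unexpected scheme: {parts.scheme!r}")
    query = urllib.parse.parse_qs(parts.query, keep_blank_values=True)
    if len(query.get("path", [])) != 1:
        raise ValueError("exactly one path parameter is required")
    return parts.netloc.lower(), query["path"][0]


def vulnerable_resolve(url: str) -> tuple[str, Path]:
    """The CWE-939 pattern: any action on any path, with no check on who asked.

    A web page linking to dicomviewer://save?path=... can make the viewer plant
    or overwrite a file, and dicomviewer://open?path=... can pull in any file
    the user can read.
    """
    action, path = _parse(url)
    return action, Path(path)


def hardened_resolve(url: str, image_root: str) -> Path:
    """Authorise before acting: only read-only actions, and only paths that stay
    inside the configured image root once '..', absolute paths, percent-encoding
    and symlinks have been resolved."""
    action, path = _parse(url)
    if action not in READ_ONLY_ACTIONS:
        raise PermissionError(f"action {action!r} is not allowed from a URL")
    root = Path(image_root).resolve()
    try:
        target = (root / path).resolve()   # an absolute 'path' replaces root here
        target.relative_to(root)           # raises ValueError when outside root
    except ValueError as exc:              # also covers embedded NUL bytes
        raise PermissionError(f"path {path!r} is outside the image root") from exc
    return target


if __name__ == "__main__":
    print(vulnerable_resolve("dicomviewer://save?path=/etc/passwd"))
    print(hardened_resolve("dicomviewer://open?path=study1/CT_001.dcm", "/srv/dicom/images"))
    for bad in ("dicomviewer://open?path=../../../etc/passwd",
                "dicomviewer://open?path=%2Fetc%2Fshadow",
                "dicomviewer://save?path=study1/CT_001.dcm"):
        try:
            hardened_resolve(bad, "/srv/dicom/images")
        except PermissionError as err:
            print("rejected:", err)
```

Resolving the path before the containment check is what defeats `..`, percent-encoded separators and symlinks planted inside the image directory; checking the string alone would not. A real viewer would additionally prompt the user before honouring any URL-triggered action.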
Threat updates
Date | Update |
---|---|
30 Jul 2024 | Attacks targeting MicroDICOM users |
Remediation advice
Affected organisations are encouraged to review the CISA advisory ICSMA-24-163-01, which recommends updating MicroDicom DICOM Viewer to version 2024.2 and taking the following defensive actions to minimise the risk of exploitation of these vulnerabilities:
- Minimise network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognising that VPNs may themselves have vulnerabilities and should be kept updated to the most current version available, and that a VPN is only as secure as the devices connected to it.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 30 July 2024 4:37 pm