PatchSiren cyber security CVE debrief

CVE-2024-22100 MicroDicom CVE debrief

A heap-based buffer overflow vulnerability in MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior allows arbitrary code execution when a user opens a malicious DCM file. The vulnerability was disclosed by CISA on February 29, 2024, with a CVSS 3.1 score of 7.8 (HIGH). The attack vector is local, requiring user interaction to open a crafted file, but successful exploitation grants high impact across confidentiality, integrity, and availability.

Vendor: MicroDicom
Product: DICOM Viewer
CVSS: 7.8 (HIGH)
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-29
Original CVE updated: 2024-02-29
Advisory published: 2024-02-29
Advisory updated: 2024-02-29

Who should care

Healthcare organizations, medical imaging departments, radiology practices, and any entities using MicroDicom DICOM Viewer for diagnostic imaging should prioritize patching. Security teams in healthcare environments should assess exposure and implement user awareness training given the user-interaction requirement for exploitation.

Technical summary

The vulnerability exists in MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and earlier. A heap-based buffer overflow can be triggered when parsing a maliciously crafted DCM (DICOM) file. The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates local attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability. Successful exploitation allows arbitrary code execution in the context of the application.
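The advisory does not detail which parsing step in MicroDicom overruns its heap buffer, so the following is an added illustration (not code from the page, CISA, or MicroDicom) of the bounds check that class of bug is missing: it walks the explicit-VR little-endian data elements of a DICOM Part 10 file and rejects any element whose declared length exceeds the bytes actually remaining, which makes it usable as a pre-filter for DCM files arriving from untrusted sources. The sample files are constructed inline; the checker assumes explicit VR little-endian encoding and stops at undefined-length sequences.

```python
import struct

PREAMBLE_LEN = 128      # DICOM Part 10: 128-byte preamble, then the "DICM" magic
MAGIC = b"DICM"
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}   # VRs with a 4-byte length field

def walk_elements(buf):
    """Walk explicit-VR little-endian elements, checking every declared length
    against the bytes actually remaining before it is trusted."""
    if len(buf) < PREAMBLE_LEN + 4 or buf[PREAMBLE_LEN:PREAMBLE_LEN + 4] != MAGIC:
        raise ValueError("missing DICM magic")
    pos, elems = PREAMBLE_LEN + 4, []
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError(f"truncated element header at offset {pos}")
        group, elem = struct.unpack_from("<HH", buf, pos)
        vr = buf[pos + 4:pos + 6]
        hdr = 12 if vr in LONG_VRS else 8
        if len(buf) - pos < hdr:
            raise ValueError(f"truncated element header at offset {pos}")
        fmt, off = ("<I", 8) if hdr == 12 else ("<H", 6)
        (length,) = struct.unpack_from(fmt, buf, pos + off)
        if length == 0xFFFFFFFF:
            break   # undefined-length sequence: this minimal checker stops here
        remaining = len(buf) - pos - hdr
        if length > remaining:   # the bound a parser must enforce before allocating/copying
            raise ValueError(f"({group:04X},{elem:04X}) declares {length} bytes, "
                             f"only {remaining} remain")
        elems.append(((group, elem), vr.decode("ascii", "replace"), length))
        pos += hdr + length
    return elems

def check_file(buf):
    """(ok, message) pair for an ingestion or mail-gateway pre-filter."""
    try:
        return True, f"{len(walk_elements(buf))} elements, lengths consistent"
    except ValueError as e:
        return False, str(e)

def element(group, elem, vr, value):
    """Encode one explicit-VR LE element (constructed test data only)."""
    value += b"\x00" * (len(value) % 2)             # DICOM values are even-length
    fmt = "<HH2s2xI" if vr in LONG_VRS else "<HH2sH"
    return struct.pack(fmt, group, elem, vr, len(value)) + value

# Constructed sample: a minimal well-formed file, and a copy whose last element
# (8-byte header + 12-byte value) declares 0xFFFF bytes instead of 12.
GOOD = (b"\x00" * PREAMBLE_LEN + MAGIC
        + element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1")
        + element(0x0010, 0x0010, b"PN", b"TEST^PATIENT"))
BAD = GOOD[:-14] + struct.pack("<H", 0xFFFF) + GOOD[-12:]
```

Running `check_file` over both samples accepts GOOD and rejects BAD with the offending tag and the declared versus remaining byte counts.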

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade MicroDicom DICOM Viewer to version 2024.1 or later to remediate this vulnerability
  • Train users to avoid opening DCM files from untrusted sources and to verify file origins before opening
  • Implement application whitelisting and least-privilege execution policies to limit impact of potential exploitation
  • Consider network segmentation for systems handling medical imaging data to contain potential compromise
  • Review and apply CISA's ICS recommended practices for defense-in-depth strategies

Evidence notes

CISA published advisory ICSMA-24-060-01 on February 29, 2024, identifying this heap-based buffer overflow in MicroDicom DICOM Viewer. The vulnerability requires local access and user interaction (opening a malicious DCM file) but results in complete system compromise. MicroDicom has released version 2024.1 as a fix.

Official resources

2024-02-29