PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-33606 MicroDicom CVE debrief

CVE-2024-33606 is a high-severity vulnerability in MicroDicom DICOM Viewer affecting versions prior to 2024.2. Published on June 11, 2024, this vulnerability allows an attacker to retrieve sensitive medical images, plant new medical images, or overwrite existing medical images on a victim's system. User interaction is required for exploitation. The vulnerability carries a CVSS 3.1 score of 8.8 (HIGH), indicating significant risk to confidentiality, integrity, and availability of medical imaging data. CISA issued advisory ICSMA-24-163-01 to coordinate disclosure. The vendor has released version 2024.2 to address this issue. Organizations using affected versions should prioritize upgrading to the patched release, as medical imaging systems often contain protected health information (PHI) subject to regulatory requirements.

Vendor: MicroDicom
Product: DICOM Viewer
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2024-06-11
Advisory published: 2024-06-11
Advisory updated: 2024-06-11

Who should care

Healthcare organizations, medical imaging departments, radiology practices, and any clinical environments using MicroDicom DICOM Viewer for diagnostic imaging review. Particularly relevant for HIPAA-covered entities and those with regulatory obligations for medical data integrity.

Technical summary

The vulnerability in MicroDicom DICOM Viewer versions prior to 2024.2 enables attackers to manipulate medical image files (retrieving sensitive images, planting falsified images, or overwriting legitimate images) once a user interacts with attacker-supplied content. The vulnerability is exploitable over the network with low attack complexity and no privileges, but requires user interaction; its impact is rated high across confidentiality, integrity, and availability. Medical imaging integrity is critical for diagnostic accuracy and patient safety.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade MicroDicom DICOM Viewer to version 2024.2 or later
  • Review systems for unauthorized medical image modifications if prior versions were in use
  • Implement network segmentation for medical imaging workstations
  • Train users to recognize and avoid suspicious files or links that could trigger exploitation
  • Verify backup integrity for medical imaging data
  • Apply principle of least privilege to DICOM file system access

Evidence notes

Vulnerability confirmed through CISA CSAF advisory with vendor remediation guidance. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Official resources

Coordinated disclosure via CISA ICS Medical Advisory (ICSMA-24-163-01)