Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
Summary
Multiple vulnerabilities have been discovered in the Orthanc DICOM server, a popular medical imaging software package. These flaws could allow attackers to cause a denial of service, disclose sensitive information, or even achieve remote code execution.
IFF Assessment
The identified vulnerabilities allow attackers to gain unauthorized access and control over medical imaging systems, posing a significant threat to patient data and system availability.
Severity
The vulnerabilities allow remote code execution (RCE) and information disclosure, with a high potential for widespread impact on critical medical infrastructure, so a very high CVSS score is estimated.
Defender Context
Defenders should prioritize patching or updating Orthanc DICOM servers to mitigate these critical vulnerabilities. This disclosure highlights the importance of securing specialized medical software that handles sensitive patient data, as exploitation could have severe consequences.