Softneta MedDream PACS Exposed Dangerous Method or Function
CVE-2023-40150

9.8CRITICAL

Key Information:

Vendor: Softneta
Status: Meddream Pacs
Vendor: CVE Published:; 11 September 2023

What is CVE-2023-40150?

Softneta MedDream PACS has a vulnerability that allows for remote code execution due to a lack of robust authentication checks. This flaw might permit unauthorized users to exploit certain dangerous functionalities, posing a significant risk to both system integrity and patient data confidentiality.

Affected Version(s)

MedDream PACS 0

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2023
Vulnerability Reserved
Aug 18, 2023

Credit

Noam Moshe of Claroty Research reported these vulnerabilities to CISA.

CVE-2023-40150 Data

JSON