Attacker can access and manipulate sensitive medical images
CVE-2024-33606

8.8HIGH

Key Information:

Vendor: Microdicom
Status: Dicom Viewer
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-33606?

A security issue has been identified in the MicroDicom DICOM Viewer that allows an attacker to access sensitive files, such as medical images, and potentially alter or replace existing files. The vulnerability requires user interaction for exploitation, which could occur through malicious file uploads or through social engineering tactics aimed at the user. This presents a significant risk in environments that rely on the integrity and confidentiality of medical imaging data.

Affected Version(s)

DICOM Viewer 0 < 2024.2

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 23, 2024

Credit

Michael Heinzl reported these vulnerabilities to CISA.

Microdicom

What is CVE-2024-33606?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit