CVE-2024-1453 - Vulnerability Details - OpenCVE

Description

In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.

Published: 2024-03-01

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Santesoft

Sante DICOM Viewer Pro

unaffected

Version	Status	Constraints
`0`	affected	≤ 14.0.3

Configuration 1 [-]

cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Santesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v14.0.4 https://santesoft.com/win/sante-dicom-viewer-pro/download.html or later.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-17205	In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01

History

Thu, 16 Jan 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Santesoft Santesoft dicom Viewer Pro
CPEs		cpe:2.3:a:santesoft:dicom_viewer_pro::::::::
Vendors & Products		Santesoft Santesoft dicom Viewer Pro

Subscriptions

Santesoft Dicom Viewer Pro

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-03-01T18:56:40.511Z

Updated: 2024-08-15T16:04:58.703Z

Reserved: 2024-02-12T16:07:23.146Z

Link: CVE-2024-1453

Vulnrichment

Updated: 2024-08-01T18:40:21.169Z

NVD

Status : Analyzed

Published: 2024-03-01T19:15:07.037

Modified: 2025-01-16T16:03:19.477

Link: CVE-2024-1453

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-125

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1453", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-02-12T16:07:23.146Z", "datePublished": "2024-03-01T18:56:40.511Z", "dateUpdated": "2024-08-15T16:04:58.703Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sante DICOM Viewer Pro", "vendor": "Santesoft", "versions": [{"lessThanOrEqual": "14.0.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinzl reported this vulnerability to CISA."}], "datePublic": "2024-02-27T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.</span>\n\n"}], "value": "\nIn Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-03-01T18:56:40.511Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Santesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://santesoft.com/win/sante-dicom-viewer-pro/download.html\">v14.0.4</a><span style=\"background-color: rgb(255, 255, 255);\"> or later.</span>\n\n<br>"}], "value": "\nSantesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v14.0.4 https://santesoft.com/win/sante-dicom-viewer-pro/download.html \u00a0or later.\n\n\n"}], "source": {"advisory": "ICSMA-24-058-01", "discovery": "EXTERNAL"}, "title": "Santesoft Sante DICOM Viewer Pro Out-of-Bounds Read", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.169Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "santesoft", "product": "dicom_viewer_pro", "cpes": ["cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "14.0.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-15T16:00:13.253708Z", "id": "CVE-2024-1453", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T16:04:58.703Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.169Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1453", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-15T16:00:13.253708Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*"], "vendor": "santesoft", "product": "dicom_viewer_pro", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "14.0.3"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T16:02:28.064Z"}}], "cna": {"title": "Santesoft Sante DICOM Viewer Pro Out-of-Bounds Read", "source": {"advisory": "ICSMA-24-058-01", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinzl reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Santesoft", "product": "Sante DICOM Viewer Pro", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "14.0.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nSantesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v14.0.4 https://santesoft.com/win/sante-dicom-viewer-pro/download.html \u00a0or later.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Santesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://santesoft.com/win/sante-dicom-viewer-pro/download.html\">v14.0.4</a><span style=\"background-color: rgb(255, 255, 255);\"> or later.</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-02-27T18:00:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIn Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-03-01T18:56:40.511Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1453", "state": "PUBLISHED", "dateUpdated": "2024-08-15T16:04:58.703Z", "dateReserved": "2024-02-12T16:07:23.146Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-03-01T18:56:40.511Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E360E05-7D6B-44A0-B2CB-E025654F1DD4", "versionEndExcluding": "14.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIn Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.\n\n"}, {"lang": "es", "value": "En las versiones 14.0.3 y anteriores de Sante DICOM Viewer Pro, un usuario debe abrir un archivo DICOM malicioso, lo que podr\u00eda permitir a un atacante local revelar informaci\u00f3n o ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2024-1453", "lastModified": "2025-01-16T16:03:19.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-01T19:15:07.037", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}