All CISA Advisories, EN

MicroDicom DICOM Viewer

2025-02-06 16:02

1. EXECUTIVE SUMMARY

CVSS v4 5.7
ATTENTION: Low attack complexity
Vendor: MicroDicom
Equipment: DICOM Viewer
Vulnerability: Improper Certificate Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to alter network traffic and perform a machine-in-the-middle (MITM) attack.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following MicroDicom DICOM Viewer are affected:

MicroDicom DICOM Viewer: Version 2024.03

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295

MicroDicom DICOM Viewer fails to adequately verify the update server’s certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server’s response and deliver a malicious update to the user.

CVE-2025-1002 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2025-1002. A base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUART

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

MicroDicom DICOM Viewer

Share this:
Facebook
X
LinkedIn

Related

Tags: All CISA Advisories EN

Post navigation

← Schneider Electric EcoStruxure

Schneider Electric EcoStruxure Power Monitoring Expert (PME) →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

CrowdStrike Falcon Windows Sensor Flaw Could Let Attackers Execute Code and Delete Files October 9, 2025

IT Security News Hourly Summary 2025-10-09 06h : 4 posts October 9, 2025

Turning the human factor into your strongest cybersecurity defense October 9, 2025

Behind the screens: Building security customers appreciate October 9, 2025

2025-10-08: Infection from Kongtuke campaign’s ClickFix page October 9, 2025

Microsoft 365 Outage Blocks Access to Teams, Exchange Online, and Admin Center – Updated October 9, 2025

Six metrics policymakers need to track cyber resilience October 9, 2025

ISC Stormcast For Thursday, October 9th, 2025 https://isc.sans.edu/podcastdetail/9648, (Thu, Oct 9th) October 9, 2025

[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th) October 9, 2025

CrowdStrike Falcon Windows Sensor Vulnerability Enables Code Execution and File Deletion October 9, 2025

Discord Data Breach – 1.5 TB of Data and 2 Million Government ID Photos Extorted October 9, 2025

IT Security News Hourly Summary 2025-10-09 03h : 4 posts October 9, 2025

FreePBX SQL Injection Vulnerability Exploited to Modify The Database October 9, 2025

Crimson Collective Leverages AWS Services to Exfiltrate Sensitive Data October 9, 2025

Exciting Developments in Cloud-Native Security October 9, 2025

Zero Trust for AI Agents: Implementing Dynamic Authorization in an Autonomous World October 9, 2025

IT Security News Hourly Summary 2025-10-09 00h : 5 posts October 9, 2025

Research Finds That API Security Blind Spots Could Put AI Agent Deployments at Risk October 9, 2025

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats October 9, 2025

IT Security News Daily Summary 2025-10-08 October 9, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}