MicroDicom DICOM Viewer Improper Certificate Validation Vulnerability Allowing Machine-in-the-Middle Attacks

Vulnerability

A vulnerability exists in MicroDicom DICOM Viewer version 2024.03 because the viewer does not adequately validate the certificate presented by its update server when it checks for updates. An attacker in a privileged network position (on the same network segment, or otherwise able to route the viewer's traffic through a host they control) can therefore present a certificate the viewer should reject, intercept and alter the traffic between the viewer and the update server, and so carry out a machine-in-the-middle (MITM) attack. Such an attacker can modify the server's response to the user and potentially deliver a malicious update in place of the genuine one. Exploitation requires that the attacker already be positioned to intercept the viewer's network traffic; it does not require any interaction with the viewer beyond the normal update check.
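The following Go program is an added example written for this page, not MicroDicom's code and not part of the CISA advisory; it models the bug class described above and its fix using only the Go standard library. A constructed vendor CA and a constructed attacker CA each sign a certificate for a local HTTPS server. The client that skips certificate verification (the behaviour described above) accepts the attacker's server and its payload; the client that pins the vendor root refuses the same server at the TLS handshake; and the pinned client accepts the genuine server and then checks the download against a digest compiled into the client. That digest check is a second layer the page does not describe but that a practitioner would want before executing any downloaded installer. The CA names, the name update-server.invalid, and the installer bytes are all constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// Constructed stand-in for the installer bytes served by the genuine update server.
const genuineUpdate = "constructed-installer-bytes"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds an in-memory certificate with a throwaway P-256 key: a self-signed root when parent is nil, else a 127.0.0.1 server leaf signed by parent.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotAfter:     time.Now().Add(24 * time.Hour),
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	signer, signerKey := parent, parentKey
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		signer, signerKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return must(x509.ParseCertificate(der)), key
}

// startServer serves body over TLS with the given leaf: the genuine update server, or the impostor a network-positioned attacker stands up.
func startServer(leaf *x509.Certificate, key *ecdsa.PrivateKey, body string) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, body) }))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: key}}}
	srv.StartTLS()
	return srv
}

// vulnerableTLSConfig reproduces the bug class: the server certificate is never checked, so whoever can intercept the connection can answer as the update server.
func vulnerableTLSConfig() *tls.Config { return &tls.Config{InsecureSkipVerify: true} }

// hardenedTLSConfig trusts only the vendor's pinned root; hostname/IP matching stays on by default.
func hardenedTLSConfig(vendorCA *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(vendorCA)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
}

// fetchUpdate performs the update download with the given client TLS settings.
func fetchUpdate(url string, cfg *tls.Config) ([]byte, error) {
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}
	resp, err := c.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return io.ReadAll(resp.Body)
}

// digestOK is the second layer: a digest shipped with the client keeps a verified channel from being the only barrier before an installer runs.
func digestOK(body []byte, want [32]byte) bool { return sha256.Sum256(body) == want }

// runScenario reports whether the unverified client accepted the impostor, whether the pinned client rejected it, and whether the pinned client fetched and digest-checked the genuine update.
func runScenario() (vulnAcceptsRogue, hardenedRejectsRogue, hardenedAcceptsGenuine bool) {
	vendorCA, vendorKey := issue("Vendor Update CA (constructed)", nil, nil)
	attackerCA, attackerKey := issue("MITM CA (constructed)", nil, nil)
	genuineLeaf, genuineKey := issue("update-server.invalid", vendorCA, vendorKey)
	rogueLeaf, rogueKey := issue("update-server.invalid", attackerCA, attackerKey)
	genuine := startServer(genuineLeaf, genuineKey, genuineUpdate)
	defer genuine.Close()
	rogue := startServer(rogueLeaf, rogueKey, "attacker-supplied-installer")
	defer rogue.Close()
	body, err := fetchUpdate(rogue.URL, vulnerableTLSConfig())
	vulnAcceptsRogue = err == nil && string(body) == "attacker-supplied-installer"
	_, err = fetchUpdate(rogue.URL, hardenedTLSConfig(vendorCA))
	hardenedRejectsRogue = err != nil // fails with "x509: certificate signed by unknown authority"
	body, err = fetchUpdate(genuine.URL, hardenedTLSConfig(vendorCA))
	hardenedAcceptsGenuine = err == nil && digestOK(body, sha256.Sum256([]byte(genuineUpdate)))
	return
}

func main() { fmt.Println(runScenario()) }
```

Run it with go run (Go 1.18 or later, for the generic must helper). The server side will also log the impostor handshake that the pinned client aborted, which is the rejection the vulnerable viewer never performs. In a real updater the pinned root would be the vendor's own update-signing CA rather than the system trust store, and the digest would come from a signed release manifest rather than a constant; both choices narrow what a network-positioned attacker can substitute.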

Impact

Exploitation gives an attacker in that network position the ability to intercept and alter the update response and to inject a malicious update into the user's DICOM viewer, which amounts to installing attacker-controlled software on the workstation that runs the viewer.

Remediation

Users are advised to upgrade to MicroDicom DICOM Viewer version 2025.1, which corrects the certificate validation. Until the upgrade is applied, avoid running the viewer's update check from untrusted networks and obtain installers directly from the vendor rather than through the in-application updater. For additional guidance, refer to the CISA ICS Medical Advisory.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.0
impact          0.6
exploitability  4.0
remediation     7.9
relevance       0.0
threat          0.0
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.