MedDream PACS Premium Incorrect Default Permissions Vulnerability Allowing Credential Decryption

Vulnerability

A vulnerability exists in MedDream PACS Premium version 7.3.3.840 due to incorrect default permissions in the CServerSettings::SetRegistryValues function. This vulnerability allows a specially crafted application to decrypt credentials stored in a registry key related to configuration. An attacker could exploit this vulnerability by executing a malicious script or application.

Impact

Exploitation of this vulnerability allows for unauthorized access to decrypted database credentials, including the username and password, which could lead to full access to the associated database. If the database is on the same system as the MedDream server, the credentials are stored in plaintext in a file.

Remediation

MedDream has released a patch for this vulnerability. Users should update to the latest version.
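
An added example, not code from MedDream or from this advisory: a PowerShell check that lists the allow entries giving broad groups read access to a registry key, the condition under which an unprivileged application could read stored configuration values. The key path is a placeholder because the advisory does not name the affected key. The function name and the set of SIDs treated as "broad" are assumptions made for this example.

```powershell
# Added example: list allow-ACEs that let broad groups read values of a registry key.
# $KeyPath is a PLACEHOLDER; the advisory does not name the affected key.
param(
    [string]$KeyPath = 'HKLM:\SOFTWARE\<vendor>\<product-config-key>'
)

# Well-known SIDs treated as "broad" (assumption; adjust to local policy).
# SIDs are used instead of names so the check works on localized systems.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Hypothetical helper name, introduced for this example only.
function Get-BroadReadAce {
    param([Parameter(Mandatory)][string]$Path)

    $queryValues = [int][System.Security.AccessControl.RegistryRights]::QueryValues
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to subkeys, not to this key itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        # QueryValues is the right needed to read the values stored under the key.
        if (([int]$ace.RegistryRights -band $queryValues) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # identity cannot be resolved to a SID: skip it
        if ($BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Key       = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Any row in the output is a broad group that can read the key's values.
Get-BroadReadAce -Path $KeyPath | Format-Table -AutoSize
```

An empty result means none of the listed groups has a direct allow entry for reading values. Access granted through other groups or explicit user entries still needs a manual look at the full ACL.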

Added: Jul 28, 2025, 2:32 PM
Updated: Jul 28, 2025, 2:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.