Advisory

Critical Vulnerabilities in Softneta MedDream medical imaging software

Take action: It's almost unbelievable that enterprise products like medical software still keep cleartext passwords in 2023. Yet here we are. Until you are ready to patch, immediately restrict network exposure of MedDream to internal trusted networks only, use secure remote access methods such as VPNs (and keep them updated), and be prepared that even with these mitigating measures an attacker will eventually compromise the system. The best long-term approach is to plan and execute patching.


Learn More

Softneta's MedDream PACS is exposed to critical security vulnerabilities, making it remotely exploitable with low attack complexity. Successful exploitation of these issues could allow attackers to obtain plaintext credentials or remotely execute arbitrary code.

Affected products include MedDream PACS versions up to v7.2.8.810.

CVE-2023-40150 (CVSS3 score 9.8) is an Exposed Dangerous Method or Function vulnerability: the software lacks proper authentication checks on a remotely accessible control function, potentially leading to unauthenticated remote code execution.

CVE-2023-39227 (CVSS3 score 6.1) is "just" a Plaintext Storage of a Password vulnerability, meaning that the software stores usernames and passwords in plaintext, which attackers could exploit to leak legitimate user credentials.

Combining both vulnerabilities enables an attacker to exfiltrate all valid credentials of the software.

Softneta recommends that users update to MedDream PACS Server version v7.2.9.820 or apply the Fix-v230712 patch to their current systems as mitigation.
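To turn the affected range (up to v7.2.8.810) and the remediation options (v7.2.9.820 or the Fix-v230712 patch) into a repeatable inventory check, here is an added example of a version classifier. It is not Softneta's tooling and does not talk to MedDream; the hostnames and the versions other than the two named in the advisory are constructed for illustration. The point it demonstrates is that version strings must be compared component by component as integers, because plain string comparison puts build 1000 before build 810.

```python
"""Classify MedDream PACS installations against the advisory's version
boundaries. Added example; not Softneta's code."""
from typing import Dict, List, Sequence, Tuple

# Version boundaries and patch identifier quoted from the advisory.
MAX_AFFECTED = "7.2.8.810"   # all versions up to and including this are affected
FIXED_VERSION = "7.2.9.820"  # recommended upgrade target
HOTFIX_ID = "Fix-v230712"    # patch Softneta offers for current installations


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert 'v7.2.8.810' to (7, 2, 8, 810) so each component compares
    numerically. Text comparison gets this wrong: '7.2.8.1000' sorts before
    '7.2.8.810' as a string although it is the later build."""
    cleaned = version.strip().lower().lstrip("v")
    parts = tuple(int(p) for p in cleaned.split("."))
    # Pad short strings so '7.2.9' compares as (7, 2, 9, 0).
    return parts + (0,) * (4 - len(parts))


def assess(version: str, applied_patches: Sequence[str] = ()) -> str:
    """Classify one installation. Returns one of:
      'patched'    - at or above the fixed release
      'mitigated'  - affected version, but the Fix-v230712 patch is applied
      'vulnerable' - affected version, no patch
      'unknown'    - above the last version named as affected but below the
                     fixed release; the advisory does not cover it, so treat
                     it as vulnerable until the vendor confirms otherwise
    """
    v = parse_version(version)
    if v >= parse_version(FIXED_VERSION):
        return "patched"
    if v <= parse_version(MAX_AFFECTED):
        return "mitigated" if HOTFIX_ID in applied_patches else "vulnerable"
    return "unknown"


def assess_inventory(hosts: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Run assess() over inventory records shaped like
    {'host': ..., 'version': ..., 'patches': [...]} and return (host, status)
    pairs with vulnerable and unknown hosts first, so they get acted on first."""
    order = {"vulnerable": 0, "unknown": 1, "mitigated": 2, "patched": 3}
    results = [
        (str(h["host"]), assess(str(h["version"]), list(h.get("patches", []))))
        for h in hosts
    ]
    return sorted(results, key=lambda r: order[r[1]])


# Constructed sample inventory: hostnames are hypothetical, and only
# 7.2.8.810 and 7.2.9.820 come from the advisory.
SAMPLE_INVENTORY = [
    {"host": "pacs-01.example.internal", "version": "v7.2.8.810", "patches": []},
    {"host": "pacs-02.example.internal", "version": "7.2.8.810",
     "patches": ["Fix-v230712"]},
    {"host": "pacs-03.example.internal", "version": "7.2.9.820", "patches": []},
    {"host": "pacs-04.example.internal", "version": "7.1.0", "patches": []},
]

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY):
        print(f"{status:<10} {host}")
```

Feed it the host, version and patch list fields from whatever asset inventory you already keep; the `unknown` bucket exists deliberately, because the advisory names only the upper bound of the affected range and the fixed release, and anything between the two should not be assumed safe.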

While no public exploits targeting these vulnerabilities have been reported, organizations that detect suspicious activity should follow their internal incident management procedures.
