Horizon Alert
Summary of the vulnerability and why it matters
This advisory addresses a critical vulnerability in PACSgear PACS Scan, a medical imaging software. The issue involves an unauthenticated remote code execution flaw that could allow unauthorized access and modification of files. The primary concern is to determine if this specific technology is in use within our organization and, if so, to assess the potential exposure.
- Software allows remote takeover.
- Critical flaw affects medical imaging software.
- Confirm if used; assess exposure risk.
Attack Path
How an attacker could exploit the issue
An attacker can remotely exploit a vulnerable .NET Remoting TCP service to read and write arbitrary files. By chaining this file manipulation capability with DLL hijacking, the attacker can ultimately achieve remote code execution with SYSTEM privileges after the service restarts.
- Unauthenticated network exposure required.
- Triggered via exposed TCP service.
- Results in SYSTEM-level code execution.
Live Threat
Current exploitation, exposure, and threat context
A critical vulnerability in a specialized medical imaging service could allow unauthenticated remote attackers to read and write arbitrary files, potentially leading to remote code execution. This could affect system integrity and access to sensitive medical data.
- System files and medical data at risk.
- Attackers exploit exposed .NET service.
- Remote code execution as SYSTEM.
Operational Fix
Recommended remediation, mitigation, and detection steps
This critical vulnerability in PACSgear PACS Scan's .NET Remoting service requires immediate attention. Application owners, in coordination with infrastructure and security teams, are responsible for identifying all instances of this software. The first step is to locate the affected technology, assess its network exposure and business criticality, and determine the accountable system owner to plan remediation.
- Identify application and infrastructure owners.
- Verify network exposure and business criticality.
- Plan remediation based on identified risks.