DICOM 128 Byte Preamble RCE Vulnerability

NEMA (the US National Electrical Manufacturers Association) has released details of a vulnerability in the Digital Imaging and Communications in Medicine (DICOM) medical imaging standard.

Threat details

A remote authenticated attacker could exploit this vulnerability to execute arbitrary code on an affected system.

The DICOM standard governs the management and communication of medical image data and is used in medical and diagnostic devices, picture archiving and communication systems (PACS), vendor neutral archives (VNAs) and workstations.

All DICOM files begin with a 128-byte preamble that provides compatibility with non-DICOM systems. An attacker can alter this preamble to include a malicious Portable Executable (PE) file, which will execute when the preamble is read.
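As an added example that is not part of the advisory, the following Python inspects the first 132 bytes of a DICOM file (the 128-byte preamble followed by the "DICM" marker), flags a preamble that begins with executable magic, and offers a zeroing routine as one defensive option. The sample headers are constructed for the test and are not real files; whether zeroing is acceptable depends on whether a site relies on legacy dual-format files, which is an assumption to check locally.

```python
import struct

PREAMBLE_LEN = 128
DICOM_MAGIC = b"DICM"
# Magic bytes that have no business at the start of a DICOM preamble.
EXECUTABLE_MAGICS = {
    b"MZ": "PE/DOS executable header",
    b"\x7fELF": "ELF executable header",
}


def inspect_dicom_header(data: bytes) -> dict:
    """Report whether data looks like DICOM and whether its preamble looks inert."""
    if len(data) < PREAMBLE_LEN + len(DICOM_MAGIC):
        return {"is_dicom": False, "preamble_is_zero": False,
                "findings": ["file shorter than preamble plus DICM marker"]}
    preamble = data[:PREAMBLE_LEN]
    is_dicom = data[PREAMBLE_LEN:PREAMBLE_LEN + 4] == DICOM_MAGIC
    findings = []
    for magic, desc in EXECUTABLE_MAGICS.items():
        if preamble.startswith(magic):
            findings.append(f"preamble starts with {desc}")
    if preamble.startswith(b"MZ"):
        # In a PE image the 32-bit value at offset 0x3C (e_lfanew) locates the
        # "PE\0\0" header; a pointer beyond the preamble means the executable
        # structure continues into the DICOM portion of the file.
        e_lfanew = struct.unpack_from("<I", preamble, 0x3C)[0]
        if e_lfanew >= PREAMBLE_LEN:
            findings.append(f"PE header pointer 0x{e_lfanew:x} points past the preamble")
    if not findings and any(preamble):
        findings.append("preamble is non-zero; confirm it is an expected legacy header")
    return {"is_dicom": is_dicom, "preamble_is_zero": not any(preamble),
            "findings": findings}


def neutralise_preamble(data: bytes) -> bytes:
    """Return a copy with the preamble zeroed; the DICOM data set starting at DICM is untouched."""
    if not inspect_dicom_header(data)["is_dicom"]:
        raise ValueError("not a DICOM file: DICM marker missing at offset 128")
    return b"\x00" * PREAMBLE_LEN + data[PREAMBLE_LEN:]


# Constructed test inputs (not real files): an all-zero preamble, and a preamble
# that merely begins like a DOS/PE stub with e_lfanew pointing to offset 0x80.
CLEAN_HEADER = b"\x00" * PREAMBLE_LEN + DICOM_MAGIC
SUSPECT_HEADER = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)
                  + b"\x00" * 64 + DICOM_MAGIC)

if __name__ == "__main__":
    for name, hdr in (("clean", CLEAN_HEADER), ("suspect", SUSPECT_HEADER)):
        print(name, inspect_dicom_header(hdr))
```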

Remediation steps

Organisations are encouraged to review the DICOM FAQ response and apply the relevant mitigations.


Last edited: 14 February 2020 2:47 pm