CVE-2024-1696

7.8 HIGH

📋 TL;DR

This vulnerability lets a local attacker execute arbitrary code through an out-of-bounds write that is triggered when a user opens a malicious DCM file in Santesoft Sante FFT Imaging. Affected users include healthcare organizations and medical imaging facilities running version 1.4.1 or earlier of this software.

💻 Affected Systems

Products:
  • Santesoft Sante FFT Imaging
Versions: 1.4.1 and prior
Operating Systems: Windows (based on typical medical imaging software deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when opening DCM (DICOM) files, which is the primary function of this medical imaging software.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise, with the attacker gaining full control over the affected system, potentially leading to data theft, ransomware deployment, or disruption of medical imaging operations.

🟠 Likely Case: Local privilege escalation leading to unauthorized access to sensitive medical data and system resources.

🟢 If Mitigated: Limited impact, with proper file validation and user awareness preventing malicious DCM files from being opened.

🌐 Internet-Facing: LOW - Exploitation requires local access or user interaction with malicious files.
🏢 Internal Only: HIGH - Medical facilities with multiple users accessing DCM files are at significant risk from insider threats or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and local access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.4.2 or later (check vendor advisory)

Vendor Advisory: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01

Restart Required: Yes

Instructions:

1. Download the latest version from the Santesoft vendor portal.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the system.
5. Verify functionality with test DCM files.

🔧 Temporary Workarounds

  • Restrict DCM file sources (applies to: all): Only allow DCM files from trusted sources and implement file validation.
  • User awareness training (applies to: all): Train users to only open DCM files from verified medical sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized software execution
  • Deploy endpoint detection and response (EDR) solutions to monitor for suspicious file operations

🔍 How to Verify

Check if Vulnerable:

Check the software version in the Help > About menu. If the version is 1.4.1 or earlier, the system is vulnerable.

Check Version:

Check via GUI: Help > About in Sante FFT Imaging application

Verify Fix Applied:

Verify version is 1.4.2 or later and test opening known-good DCM files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed DCM file parsing attempts
  • Unusual process creation after DCM file access
  • Memory access violations in application logs

Network Indicators:

  • Unusual outbound connections from medical imaging workstations
  • File transfers of DCM files from untrusted sources

SIEM Query (Splunk syntax; note that Event ID 4688 only carries a CommandLine field when process-creation command-line auditing is enabled on the workstation):

source="windows-security" EventCode=4688 AND ProcessName="*FFT*" AND CommandLine="*.dcm"
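As an added example that is not part of this advisory, the query above and the "unusual process creation after DCM file access" log indicator expressed as detection logic over constructed Event ID 4688 records; the image path SanteFFT.exe and the 300-second window are assumptions, since the advisory only gives the "*FFT*" pattern.

```python
import re

# Constructed sample 4688 (process creation) records, not real logs.
# "SanteFFT.exe" is an assumed image name for Sante FFT Imaging.
FFT_EXE = r"C:\Program Files\Santesoft\Sante FFT Imaging\SanteFFT.exe"
SAMPLE_EVENTS = [
    {"Time": 100, "EventCode": 4688, "NewProcessName": FFT_EXE,
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "CommandLine": r'"SanteFFT.exe" "C:\Users\rad\Downloads\STUDY.DCM"'},
    {"Time": 104, "EventCode": 4688,
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ParentProcessName": FFT_EXE, "CommandLine": "cmd.exe /c whoami"},
    {"Time": 130, "EventCode": 4688,
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
    {"Time": 200, "EventCode": 4688, "NewProcessName": FFT_EXE,
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "CommandLine": r'"SanteFFT.exe" "C:\Users\rad\Pictures\scan.jpg"'},
]

FFT_IMAGE = re.compile(r"FFT", re.IGNORECASE)   # mirrors ProcessName="*FFT*"
DCM_ARG = re.compile(r"\.dcm\b", re.IGNORECASE)  # mirrors CommandLine="*.dcm"


def dcm_opens(events):
    """4688 events where an FFT process was started with a .dcm argument
    (the SIEM query above, expressed in code)."""
    return [e for e in events
            if e.get("EventCode") == 4688
            and FFT_IMAGE.search(e.get("NewProcessName", ""))
            and DCM_ARG.search(e.get("CommandLine", ""))]


def children_after_dcm_open(events, window_s=300):
    """Processes spawned by an FFT parent within window_s seconds after a
    DCM open: the 'unusual process creation after DCM file access'
    indicator. Returns (child command line, seconds since the open)."""
    opens = [e["Time"] for e in dcm_opens(events)]
    hits = []
    for e in events:
        if e.get("EventCode") != 4688:
            continue
        if not FFT_IMAGE.search(e.get("ParentProcessName", "")):
            continue  # parent is not the imaging application
        deltas = [e["Time"] - t for t in opens if 0 <= e["Time"] - t <= window_s]
        if deltas:
            hits.append((e["CommandLine"], min(deltas)))
    return hits
```

A child process such as cmd.exe spawned by the viewer shortly after a DCM open is the kind of event worth an alert; the window keeps unrelated later activity out of the result.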
