CVE-2024-33606

8.8 HIGH

📋 TL;DR

This vulnerability in MicroDicom DICOM Viewer allows an attacker to read, upload, or overwrite medical image files once a user has been induced to interact with the application. It affects healthcare organizations that use this medical imaging software to view DICOM files. Although user interaction is required, the vulnerability poses significant risks to the integrity and confidentiality of patient data.

💻 Affected Systems

Products:
  • MicroDicom DICOM Viewer
Versions: Versions prior to 2024.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where MicroDicom DICOM Viewer is installed and used for medical image viewing. User interaction is required to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could exfiltrate sensitive patient medical images, plant fraudulent medical images that could lead to misdiagnosis, or overwrite legitimate medical records, potentially causing patient harm and regulatory violations.

🟠 Likely Case

Unauthorized access to medical images leading to patient data breaches and potential manipulation of medical records in healthcare environments.

🟢 If Mitigated

Limited impact with proper network segmentation, user awareness training, and access controls preventing unauthorized file operations.

🌐 Internet-Facing: MEDIUM - While user interaction is required, internet-facing systems could be targeted through phishing or social engineering to trigger the vulnerability.
🏢 Internal Only: HIGH - Healthcare networks often have multiple users who could inadvertently trigger the vulnerability, and medical images are high-value targets for internal threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction, but the file operations are straightforward once triggered. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.2 or later

Vendor Advisory: https://www.microdicom.com/security-advisory

Restart Required: Yes

Instructions:

1. Download MicroDicom DICOM Viewer version 2024.2 or later from the official website.
2. Close all instances of MicroDicom.
3. Run the installer.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate MicroDicom systems from untrusted networks and implement strict firewall rules.

User Privilege Reduction (platform: windows)

Run MicroDicom with limited user privileges to restrict file system access.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized file operations
  • Deploy endpoint detection and response (EDR) to monitor for suspicious file access patterns

🔍 How to Verify

Check if Vulnerable:

Check the MicroDicom version via the Help > About menu. If the version is earlier than 2024.2, the system is vulnerable.

Check Version:

No command-line check is documented; check the version via the application GUI (Help > About).

Verify Fix Applied:

Confirm that the version shown in Help > About is 2024.2 or later, then test that file access controls behave as expected.
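For fleet-wide checks where opening Help > About on every workstation is impractical, the installed version can be read from the Windows uninstall registry. This is an added example, not part of the advisory or the vendor's tooling; it assumes the viewer registers an uninstall entry whose DisplayName contains "MicroDicom" and whose DisplayVersion parses as a numeric version (both assumptions, verify against one known install first).

```powershell
# Added example (not from the advisory): flag MicroDicom DICOM Viewer installs
# older than the fixed version 2024.2 by reading the Windows uninstall registry.
# Assumption: the uninstall entry's DisplayName contains "MicroDicom" and its
# DisplayVersion is a numeric string such as "2024.1" (hypothetical match rule).
$FixedVersion = [version]'2024.2'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-MicroDicomVulnerable {
    param([string]$NamePattern = 'MicroDicom')   # assumed DisplayName substring

    $found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$NamePattern*" }

    if (-not $found) {
        # Nothing registered: fall back to the GUI check the advisory describes.
        return [pscustomobject]@{ Name = $NamePattern; Version = $null; Status = 'NotFound' }
    }

    foreach ($app in $found) {
        $raw    = [string]$app.DisplayVersion
        $parsed = $null
        $status = if (-not [version]::TryParse($raw, [ref]$parsed)) {
            'UnparseableVersion'                 # do not guess; verify via Help > About
        } elseif ($parsed -lt $FixedVersion) {
            'Vulnerable'                         # earlier than 2024.2 -> CVE-2024-33606
        } else {
            'Fixed'                              # 2024.2 or later
        }
        [pscustomobject]@{ Name = $app.DisplayName; Version = $raw; Status = $status }
    }
}

Test-MicroDicomVulnerable | Format-Table -AutoSize
```

Run it under an account that can read HKLM; a `NotFound` result means the install was not discovered by name, not that the host is clean.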

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in MicroDicom logs
  • Multiple failed or successful file operations from unexpected locations

Network Indicators:

  • Unexpected outbound transfers of large image files
  • Suspicious inbound connections to MicroDicom ports

SIEM Query:

source="MicroDicom" AND (event="FileAccess" OR event="FileWrite") AND (user NOT IN [authorized_users])
