Full Report
The U.S. federal government is warning of a high-severity vulnerability in an open-source library commonly used in medical imaging products that could allow an attacker to crash hospital imaging systems. There is no patch. DICOM – Digital Imaging and Communications in Medicine – is an international standard implemented in most radiology, cardiology imaging, and radiotherapy devices for storing…
Analysis Summary
# Vulnerability: Denial of Service in Grassroots DICOM (GDCM) Library
## CVE Details
- **CVE ID:** CVE-2024-45308 (Note: Related to high-severity flaws in GDCM library)
- **CVSS Score:** 7.5 (High)
- **CWE:** CWE-400 (Uncontrolled Resource Consumption); CWE-20 (Improper Input Validation) also applies, since the crash is triggered by malformed input that the library does not reject.
## Affected Systems
- **Products:** Grassroots DICOM (GDCM) library.
- **Versions:** GDCM 3.0.24 and earlier.
- **Configurations:** Medical imaging products (radiology, cardiology and radiotherapy devices) that embed this open-source library to store and retrieve medical image data.
## Vulnerability Description
The flaw is in the open-source Grassroots DICOM (GDCM) library, a widely used implementation of the DICOM standard for reading and writing medical imaging data. A remote attacker can send specially crafted DICOM files or network messages that crash the application processing them. Technical analysis suggests the flaw stems from improper handling of specific DICOM data elements, producing a denial-of-service (DoS) condition on the host imaging system. Because the library is embedded in vendor products, any product that links an affected version inherits the flaw.
## Exploitation
- **Status:** PoC available (Publicly disclosed by security researchers/CISA).
- **Complexity:** Low.
- **Attack Vector:** Network (DICOM association ports, typically 104, 11112 or 4242); a crafted DICOM file imported from study media reaches the same parsing code.
## Impact
- **Confidentiality:** None.
- **Integrity:** None.
- **Availability:** High (Can crash hospital imaging systems, disrupting clinical workflows and patient care).
## Remediation
### Patches
- **No patch currently available:** As of the reporting date, there is no official patch for the GDCM library that addresses this specific vulnerability.
### Workarounds
- **Network Segmentation:** Isolate medical imaging equipment (PACS, modalities) on dedicated VLANs with strict access control lists (ACLs).
- **Access Control:** Limit DICOM traffic to known, authorized IP addresses of trusted clinical workstations and servers.
- **Input Validation:** Deploy DICOM-aware firewalls or security gateways that inspect DICOM traffic and drop malformed messages before they reach the imaging application.
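An added example, not code from this page or from the GDCM project, of the pre-parse sanity check a DICOM-aware gateway or ingest service can apply before a file or received dataset is handed to the imaging library. It also illustrates the Vulnerability Description above: the check walks the DICOM Part 10 preamble and File Meta Information group (Explicit VR Little Endian) and rejects input whose element length fields claim more bytes than are present, use undefined length, or exceed a policy cap, which is the class of inconsistency a crafted file relies on. The per-element cap, the sample SOP Instance UID, the host-side file builder and the `craft_oversized_length` helper are assumptions for the demonstration.

```python
import struct

PREAMBLE_LEN = 128
MAGIC = b"DICM"
# VRs whose Explicit VR length field is 4 bytes, preceded by 2 reserved bytes.
LONG_LENGTH_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}
UNDEFINED_LENGTH = 0xFFFFFFFF
MAX_META_ELEMENT_LEN = 1024   # policy cap for one File Meta value; an assumption for this example


class DicomRejected(ValueError):
    """Raised when a file fails the structural checks and must not reach the parser."""


def _read_element(buf, pos, limit):
    """Decode one Explicit VR Little Endian element at buf[pos:] and bound-check it against limit."""
    if pos + 8 > limit:
        raise DicomRejected(f"truncated element header at offset {pos}")
    group, elem = struct.unpack_from("<HH", buf, pos)
    vr = buf[pos + 4:pos + 6]
    if not (vr.isalpha() and vr.isupper()):
        raise DicomRejected(f"invalid VR {vr!r} at offset {pos}")
    if vr in LONG_LENGTH_VRS:
        if pos + 12 > limit:
            raise DicomRejected(f"truncated 4-byte length field at offset {pos}")
        (length,) = struct.unpack_from("<I", buf, pos + 8)
        value_start = pos + 12
    else:
        (length,) = struct.unpack_from("<H", buf, pos + 6)
        value_start = pos + 8
    tag = (group, elem)
    if length == UNDEFINED_LENGTH:
        raise DicomRejected(f"undefined length for {tag} is not allowed in File Meta")
    if length > MAX_META_ELEMENT_LEN:
        raise DicomRejected(f"element {tag} length {length} exceeds policy cap")
    if value_start + length > limit:
        # A length field claiming more bytes than actually follow it.
        raise DicomRejected(f"element {tag} length {length} runs past available bytes")
    return tag, vr, buf[value_start:value_start + length], value_start + length


def parse_file_meta(data):
    """Validate preamble, magic and the whole (0002,xxxx) group; return {tag: value}."""
    if len(data) < PREAMBLE_LEN + len(MAGIC):
        raise DicomRejected("shorter than preamble plus magic")
    if data[PREAMBLE_LEN:PREAMBLE_LEN + len(MAGIC)] != MAGIC:
        raise DicomRejected("missing DICM magic after 128-byte preamble")
    pos = PREAMBLE_LEN + len(MAGIC)
    tag, vr, value, pos = _read_element(data, pos, len(data))
    if tag != (0x0002, 0x0000) or vr != b"UL" or len(value) != 4:
        raise DicomRejected("first element must be (0002,0000) UL File Meta group length")
    (group_len,) = struct.unpack("<I", value)
    meta_end = pos + group_len
    if meta_end > len(data):
        raise DicomRejected(f"File Meta group length {group_len} exceeds file size")
    meta = {tag: value}
    while pos < meta_end:   # every element must end on or before the declared group end
        tag, vr, value, pos = _read_element(data, pos, meta_end)
        if tag[0] != 0x0002:
            raise DicomRejected(f"non-meta tag {tag} inside File Meta group")
        meta[tag] = value
    if (0x0002, 0x0010) not in meta:
        raise DicomRejected("missing Transfer Syntax UID (0002,0010)")
    return meta


def check_dicom(data):
    """Gateway decision: (True, transfer syntax UID) or (False, rejection reason)."""
    try:
        meta = parse_file_meta(data)
    except DicomRejected as exc:
        return False, str(exc)
    return True, meta[(0x0002, 0x0010)].rstrip(b"\x00 ").decode("ascii", "replace")


# --- constructed samples for the demonstration (not real studies) ---
def _element(group, elem, vr, value):
    if vr in LONG_LENGTH_VRS:
        return struct.pack("<HH2sHI", group, elem, vr, 0, len(value)) + value
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value


def _ui(uid):
    return uid if len(uid) % 2 == 0 else uid + b"\x00"   # UIDs are NUL-padded to even length


def build_sample_file(transfer_syntax=b"1.2.840.10008.1.2.1"):
    """Minimal well-formed Part 10 file: preamble, DICM, File Meta group, one dataset element."""
    body = (_element(0x0002, 0x0001, b"OB", b"\x00\x01")
            + _element(0x0002, 0x0002, b"UI", _ui(b"1.2.840.10008.5.1.4.1.1.2"))   # CT Image Storage
            + _element(0x0002, 0x0003, b"UI", _ui(b"1.2.3.4.5.6"))                 # hypothetical instance UID
            + _element(0x0002, 0x0010, b"UI", _ui(transfer_syntax)))
    meta = _element(0x0002, 0x0000, b"UL", struct.pack("<I", len(body))) + body
    dataset = _element(0x0008, 0x0016, b"UI", _ui(b"1.2.840.10008.5.1.4.1.1.2"))
    return b"\x00" * PREAMBLE_LEN + MAGIC + meta + dataset


def craft_oversized_length(valid):
    """Overwrite the 4-byte length of (0002,0001) with an absurd value, as a crafted file would."""
    off = PREAMBLE_LEN + len(MAGIC) + 12 + 8   # past (0002,0000) and the first 8 bytes of the OB header
    return valid[:off] + struct.pack("<I", 0x7FFFFFFF) + valid[off + 4:]


if __name__ == "__main__":
    good = build_sample_file()
    for label, blob in [("well-formed", good), ("oversized length", craft_oversized_length(good)),
                        ("truncated", good[:150]), ("no magic", b"\x00" * 132)]:
        print(f"{label:18s} -> {check_dicom(blob)}")
```

The check deliberately stops at the File Meta group: the same bounds discipline (declared length against bytes remaining, no undefined length where the standard forbids it, a cap on element size) is what a gateway must extend to the main dataset and pixel data, and it is independent of which library sits behind it.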
## Detection
- **Indicators of Compromise:** Unexpected service restarts or system crashes of DICOM-compliant software.
- **Detection methods and tools:**
- Monitor network traffic for malformed DICOM packets using Intrusion Detection Systems (IDS).
- Review system logs for GDCM library errors, abnormal process exits of the DICOM service, or memory exhaustion events.
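An added example, not from this page, of the log-based detection described above: it scans syslog-style lines for repeated abnormal terminations of a DICOM receiver service and raises an alert when one host crashes a threshold number of times inside a window, attaching the last peer IP and fault hint seen for that host. The service name `dcmrecv`, the host names, PIDs, peer address and every log line are constructed for the demonstration; GDCM's own log wording and the unit name on a real product will differ, so the patterns must be adapted.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

CRASH_THRESHOLD = 3                  # abnormal exits per host inside the window before alerting
CRASH_WINDOW = timedelta(minutes=10)

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
# systemd's wording for a unit whose main process was killed by a signal or dumped core.
CRASH_RE = re.compile(r"Main process exited, code=(?:killed|dumped), status=\d+/(?:SEGV|ABRT|BUS|KILL)")
# Corroborating fault evidence from the kernel or the process itself.
HINT_RE = re.compile(r"segfault at|std::bad_alloc|out of memory|cannot allocate memory", re.I)
PEER_RE = re.compile(r"\bfrom (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_line(line, year=2024):
    """Split a BSD-syslog line into timestamp, host, process and message; None if not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}


def detect_crash_storms(lines, service="dcmrecv", threshold=CRASH_THRESHOLD, window=CRASH_WINDOW):
    """Sliding-window count of abnormal exits per host for `service`; returns a list of alert dicts."""
    recent = defaultdict(deque)    # host -> crash timestamps still inside the window
    last_peer, last_hint = {}, {}  # host -> most recent remote IP / fault hint seen
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        host, msg = ev["host"], ev["msg"]
        if ev["proc"] != service and service not in msg:
            continue                # kernel and systemd lines name the process in the message
        peer = PEER_RE.search(msg)
        if peer:
            last_peer[host] = peer["ip"]
        if HINT_RE.search(msg):
            last_hint[host] = msg
        if not CRASH_RE.search(msg):
            continue
        q = recent[host]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"host": host, "crashes": len(q), "first": q[0], "last": q[-1],
                           "last_peer": last_peer.get(host), "hint": last_hint.get(host)})
            q.clear()               # one storm yields one alert
    return alerts


# Constructed log excerpt (hypothetical hosts, unit name, PIDs and peer address).
SAMPLE_LOG = """\
Mar 12 09:14:01 pacs01 dcmrecv[2231]: association accepted from 10.40.8.77 (called AE=PACS01)
Mar 12 09:14:02 pacs01 kernel: dcmrecv[2231]: segfault at 0 ip 00007f1c2b3e4a10 sp 00007ffd1c0e3b20 error 4 in libgdcmDSED.so.3.0
Mar 12 09:14:02 pacs01 systemd[1]: dcmrecv.service: Main process exited, code=killed, status=11/SEGV
Mar 12 09:14:05 pacs01 systemd[1]: dcmrecv.service: Scheduled restart job, restart counter is at 1.
Mar 12 09:16:40 pacs01 dcmrecv[2305]: association accepted from 10.40.8.77 (called AE=PACS01)
Mar 12 09:16:41 pacs01 systemd[1]: dcmrecv.service: Main process exited, code=killed, status=11/SEGV
Mar 12 09:20:12 pacs02 systemd[1]: dcmrecv.service: Main process exited, code=exited, status=0/SUCCESS
Mar 12 09:21:03 pacs01 dcmrecv[2377]: association accepted from 10.40.8.77 (called AE=PACS01)
Mar 12 09:21:04 pacs01 dcmrecv[2377]: terminate called after throwing an instance of 'std::bad_alloc'
Mar 12 09:21:04 pacs01 systemd[1]: dcmrecv.service: Main process exited, code=dumped, status=6/ABRT
"""

if __name__ == "__main__":
    for a in detect_crash_storms(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['host']}: {a['crashes']} crashes {a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}"
              f" peer={a['last_peer']} hint={a['hint']!r}")
```

Only the systemd exit line is counted as a crash; the kernel segfault and `bad_alloc` lines are kept as corroborating context so that one crash that produces several log lines is not counted several times. The clean exit on `pacs02` is ignored, and the peer address carried in the alert is what an analyst would pivot on against the DICOM ACLs from the Workarounds section.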
## References
- CISA ICS Medical Advisory: [https://www.cisa.gov/news-events/alerts/2024/03/12/cisa-releases-seven-ics-advisories]
- Healthcare Info Security: [https://www.healthcareinfosecurity.com/cisa-flags-critical-flaw-in-grassroots-dicom-imaging-library-a-31246]
- DICOM Standard: [https://www.dicomstandard.org/]
- GDCM Project: [https://github.com/malaterre/GDCM]