​Noam Moshe

**Name of the Vulnerable Software and Affected Versions** Softneta MedDream PACS (affected versions not specified) **Description** The issue concerns a lack of authentication check in the affected product, leading to the performance of dangerous functionality. This could result in unauthenticated remote code execution. A proof-of-concept exploit has been demonstrated, showing how an attacker could gain pre-authentication remote code execution on a PACS server and replace a DICOM study. The estimated number of potentially affected devices worldwide is not specified. However, it is mentioned that a healthcare data breach report found that almost 12 million people were affected by a leak due to a PACS server hack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Softneta MedDream PACS (affected versions not specified) **Description** The issue concerns the storage of usernames and passwords in plaintext. This could be exploited by attackers to leak legitimate users' credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.