CVE-2023-40150

Name of the Vulnerable Software and Affected Versions Softneta MedDream PACS (affected versions not specified)

Description The issue concerns a lack of authentication check in the affected product, leading to the performance of dangerous functionality. This could result in unauthenticated remote code execution. A proof-of-concept exploit has been demonstrated, showing how an attacker could gain pre-authentication remote code execution on a PACS server and replace a DICOM study. The estimated number of potentially affected devices worldwide is not specified. However, it is mentioned that a healthcare data breach report found that almost 12 million people were affected by a leak due to a PACS server hack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.