PT-2026-54908 · Pacsgear · Pacsgear Pacs Scan
Jan A. Rodriguez +1 · Published 2026-07-01 · Updated 2026-07-02
CVE-2026-58126
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PACSgear PACS Scan version 5.2.1
Description
An unauthenticated remote code execution issue exists due to an exposed .NET Remoting TCP service on port 22222 used by PGImageExchQueue.exe. The flaw stems from insecure remoting endpoints and improper authentication and access control, allowing remote attackers to read and write arbitrary files. This capability can be chained with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory. Upon service restart, this allows for remote code execution with NT AUTHORITY\SYSTEM privileges, potentially leading to complete host takeover, lateral movement, and data theft in clinical imaging environments.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
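With no fixed version listed, the two behaviours the description names can be watched for in endpoint telemetry. The following is an added example, not code from the advisory or the vendor: it triages Sysmon-style network (event 3) and image-load (event 7) records for non-loopback connections to port 22222 on PGImageExchQueue.exe and for PGImageExchangeQueueSvc.exe loading CRYPTSP.DLL from outside the Windows system directories. The event dictionaries, the `APP_DIR_PLACEHOLDER` install path and the `triage` function name are constructed for illustration.

```python
import ipaddress
from pathlib import PureWindowsPath

REMOTING_PORT = 22222                      # port named in the advisory
LISTENER = "pgimageexchqueue.exe"          # process exposing the remoting service
SERVICE = "pgimageexchangequeuesvc.exe"    # service that loads the missing DLL
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_DLLS = {"cryptsp.dll"}             # advisory says "such as"; extend as needed

def _name(path):
    return PureWindowsPath(path).name.lower()

def _dir(path):
    return str(PureWindowsPath(path).parent).lower()

def triage(events):
    """Return (kind, detail) findings from Sysmon-style event dicts."""
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        if ev.get("EventID") == 3 and _name(image) == LISTENER:
            # Inbound connection to the remoting port from a non-loopback peer.
            src = ipaddress.ip_address(ev["SourceIp"])
            if (int(ev["DestinationPort"]) == REMOTING_PORT
                    and ev.get("Initiated") == "false" and not src.is_loopback):
                findings.append(("remote-remoting-connection", str(src)))
        elif ev.get("EventID") == 7 and _name(image) == SERVICE:
            # System DLL name resolved from outside the Windows system directories.
            loaded = ev["ImageLoaded"]
            if _name(loaded) in WATCHED_DLLS and _dir(loaded) not in SYSTEM_DIRS:
                findings.append(("dll-outside-system-dir", loaded))
    return findings

# Constructed sample events; the install path is a placeholder, not from the advisory.
APP = r"C:\APP_DIR_PLACEHOLDER"
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": APP + r"\PGImageExchQueue.exe", "SourceIp": "127.0.0.1",
     "DestinationPort": "22222", "Initiated": "false"},
    {"EventID": 3, "Image": APP + r"\PGImageExchQueue.exe", "SourceIp": "10.20.30.40",
     "DestinationPort": "22222", "Initiated": "false"},
    {"EventID": 7, "Image": APP + r"\PGImageExchangeQueueSvc.exe",
     "ImageLoaded": r"C:\Windows\System32\cryptsp.dll"},
    {"EventID": 7, "Image": APP + r"\PGImageExchangeQueueSvc.exe",
     "ImageLoaded": APP + r"\CRYPTSP.DLL"},
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_EVENTS):
        print(kind, detail)
```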
Exploit
RCE
Deserialization of Untrusted Data
Missing Authentication
Related Identifiers
Affected Products
Pacsgear Pacs Scan