Potential Risk of CVE, Public safety

If the design defect cannot be remedied in time. Prevention and detection control is one of them. (Philips Vue PACS) [7-7-2021]

Leave a comment

Preface: In theory, if your software application design trusts multiple vendors. Repairing takes more time. Because you need to do more verification.

Technology background: Digital Imaging and Communications in Medicine (DICOM) is the standard for the communication and management of medical imaging information and related data. DICOM is most commonly used for storing and transmitting medical images enabling the integration of medical imaging devices such as scanners, servers, workstations, printers, network hardware, and picture archiving and communication systems (PACS) from multiple manufacturers. It has been widely adopted by hospitals and is making inroads into smaller applications like dentists’ and doctors’ offices.

What is Vue PACS Philips?

Philips Vue Picture Archiving and Communication System (PACS), formerly known as CARESTREAM Vue PACS, is an image-management software that provides scalable local
and wide area PACS solutions for hospitals and related institutions.

Philips Vue PACS communications are based on the Digital Imaging and Communications in Medicine (DICOM) 3.0 standard. This enables the server to communicate with any DICOM 3.0 compliant products (such as scanners, workstations, hardcopy units). The server acts as a DICOM Provider, thus other stations can retrieve and send images to and from the server.

Vulnerability details: Philips Vue PACS design require to work with Redis and Oracle. This technology utilizes an Oracle Database and its servers are stored on VA premises. DICOM image data from the modalities is stored on image cache on the PACS server attached to Storage Area Network/Network Attached Storage (SAN/NAS)-type storage technology. However it was discovered design limitation in both software. Meanwhile the software application itself also discovered different vulnerabilities.

My observation: If exisitng vulnerabilities cannot fixed immediately. It is recommended to monitoring the network connectivitiy. It is better to install a IPS to monitoring inbound and outbound network traffics in this segment. If this philips web server and DN are mistaken install to a flat LAN. Perhaps you require to install a proxy server in front of this device.

US-Cert recommendation: https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.