Orthanc DICOM CVE-2023-26012: Pre-Auth RCE on Imaging Servers
Three flaws in Orthanc DICOM server let unauthenticated attackers crash, read, or take over hospital imaging systems. Affected versions and patch details inside.

Executive Summary
Multiple high-severity vulnerabilities in the Orthanc DICOM server could allow attackers to cause denial-of-service (DoS) conditions, disclose sensitive information, and execute arbitrary code. The flaws affect Orthanc versions 1.11.2 and earlier. Users are urged to upgrade to version 1.11.3, which patches these vulnerabilities.
Technical Analysis
Orthanc is an open-source DICOM server for medical imaging. It is widely used in healthcare organizations to store, manage, and exchange medical images.
Researchers discovered three vulnerabilities in Orthanc:
- CVE-2023-26012: An out-of-bounds read vulnerability in the DICOM parsing component can lead to information disclosure.
- CVE-2023-26013: A stack-based buffer overflow vulnerability in the DICOM parsing component can lead to DoS conditions and potentially arbitrary code execution.
- CVE-2023-26014: A heap-based buffer overflow vulnerability in the DICOM parsing component can also lead to DoS conditions and potentially arbitrary code execution.
Successful exploitation of these vulnerabilities could allow attackers to disrupt healthcare services, access sensitive patient data, and execute malicious code on affected systems.
Tactics, Techniques & Procedures
Attackers could exploit these vulnerabilities by sending specially crafted DICOM files to an affected Orthanc server. This could be done through various means, such as:
- Uploading malicious DICOM files through web interfaces
- Sending malicious DICOM files via network protocols
- Intercepting and modifying legitimate DICOM file transfers
Threat Actor Context
No specific threat actors have been associated with these vulnerabilities at this time. However, given the potential impact, attackers, particularly those who target healthcare organizations, are likely to attempt to exploit these flaws.
Mitigations & Recommendations
Orthanc users should upgrade to version 1.11.3 or later, which patches these vulnerabilities. Additionally, administrators should:
- Monitor Orthanc logs for suspicious activity
- Restrict network access to Orthanc servers
- Implement strong authentication and access controls
- Regularly update and patch Orthanc and other DICOM-related software
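The following script is an added example (not code from the advisory or from the Orthanc project) that turns the two checkable recommendations above into an audit: it confirms the running version is 1.11.3 or later and flags configuration settings that let unauthenticated DICOM input reach the parser. It relies on Orthanc's real `GET /system` REST endpoint (whose JSON carries a `Version` key) and real `Configuration.json` keys (`RemoteAccessAllowed`, `AuthenticationEnabled`, `RegisteredUsers`, `DicomAlwaysAllowStore`, `DicomCheckCalledAet`). The sample `/system` response, the two sample configurations, and the conservative rule that an absent key counts as the unsafe setting are assumptions made for this example.

```python
import json
import re
from typing import Dict, List, Tuple

# First release that carries the fix, as stated in the advisory.
PATCHED_VERSION = "1.11.3"

# Constructed sample of an Orthanc GET /system response (only "Version" is used).
SAMPLE_SYSTEM_JSON = (
    '{"ApiVersion": 17, "DicomAet": "ORTHANC", "Name": "Imaging-Archive", '
    '"Version": "1.11.2"}'
)

# Constructed weak and hardened Configuration.json fragments (assumed values).
WEAK_CONFIG: Dict = {
    "RemoteAccessAllowed": True,      # REST API reachable from other hosts
    "AuthenticationEnabled": False,   # ...with no HTTP authentication
    "DicomAlwaysAllowStore": True,    # C-STORE accepted from any calling AET
    "DicomCheckCalledAet": False,     # called AET not verified
}
HARDENED_CONFIG: Dict = {
    "RemoteAccessAllowed": True,
    "AuthenticationEnabled": True,
    "RegisteredUsers": {"pacs-admin": "<placeholder-password>"},
    "DicomAlwaysAllowStore": False,   # only modalities listed below may store
    "DicomCheckCalledAet": True,
    "DicomModalities": {"ct-scanner": ["CT_SCANNER_01", "10.0.0.10", 104]},
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.11.2' into (1, 11, 2) so the comparison is numeric, not lexical."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Orthanc version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version: str) -> bool:
    """True when the version is 1.11.3 or later (1.11.10 > 1.11.3, unlike a string compare)."""
    return parse_version(version) >= parse_version(PATCHED_VERSION)


def version_from_system_json(body: str) -> str:
    """Extract the version string from the JSON returned by GET /system."""
    return json.loads(body)["Version"]


def audit_config(config: Dict) -> List[str]:
    """Flag settings that expose the DICOM parser to unauthenticated input.

    Assumption: a key that is absent is treated as the unsafe setting so the
    audit is conservative regardless of the defaults of the installed release.
    """
    findings: List[str] = []
    remote = config.get("RemoteAccessAllowed", True)
    auth = config.get("AuthenticationEnabled", False)
    if remote and not auth:
        findings.append("REST API reachable remotely without HTTP authentication")
    if auth and not config.get("RegisteredUsers"):
        findings.append("AuthenticationEnabled is true but RegisteredUsers is empty")
    if config.get("DicomAlwaysAllowStore", True):
        findings.append("DicomAlwaysAllowStore: C-STORE accepted from any calling AET")
    if not config.get("DicomCheckCalledAet", False):
        findings.append("DicomCheckCalledAet is off: called AET is not verified")
    return findings


def assess(system_body: str, config: Dict) -> List[str]:
    """Combine the version check and the configuration audit into one report."""
    report: List[str] = []
    version = version_from_system_json(system_body)
    if not is_patched(version):
        report.append(f"Unpatched: running {version}, need {PATCHED_VERSION} or later")
    report.extend(audit_config(config))
    return report


if __name__ == "__main__":
    # Against a live server you would fetch system_body from http://<host>:8042/system.
    for line in assess(SAMPLE_SYSTEM_JSON, WEAK_CONFIG):
        print("FINDING:", line)
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```

Restricting C-STORE to the modalities listed in `DicomModalities` matters here because the three CVEs sit in the DICOM parsing component: every unauthenticated peer allowed to store is a peer allowed to hand crafted input to that parser.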