Damian Semon Jr., Penetration Tester for Blue Team Alpha, recently identified a vulnerability in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 (CVE-2024-22774). This vulnerability, if exploited, would allow a local attacker to escalate privileges to NT AUTHORITY\SYSTEM.
Understanding CVE-2024-22774
DLL proxying is a technique that threat actors can use to trick a program into loading a malicious DLL in place of a legitimate one; the malicious DLL forwards the legitimate library’s functions so the program keeps working. While researching this technique in X-ray machine software, Damian attempted to get a malicious DLL to run without interfering with the software’s functionality. In doing so, he found a privilege escalation vulnerability that could potentially survive a clean wipe and reinstall of the operating system.
It is important to note that the software is no longer receiving updates. However, X-ray machines that use the software are still in use around the United States, meaning there is still a potential risk from this vulnerability.
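As an added example (not from the advisory, the CVE entry or Blue Team Alpha), the audit a defender would run against the software’s install directory for the two preconditions DLL proxying needs: a directory the program loads DLLs from that low-privilege users can write to, and a DLL in that directory that no longer carries the vendor’s signature. The install path is a placeholder; the real location of the imaging software is not given here.

```powershell
# Added defender-side audit (example, not from the advisory). $InstallDir is a
# placeholder: point it at the directory the imaging software loads its DLLs from.
param([string]$InstallDir = 'C:\Program Files\PLACEHOLDER_IMAGING_SOFTWARE')

# Principals that must never be able to write into a directory whose DLLs are
# loaded by a process running as NT AUTHORITY\SYSTEM.
$LowPrivPrincipals = @('Everyone', 'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# Any of these rights lets a user drop or replace a DLL in place.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Write, Modify, FullControl'

function Test-LowPrivWrite {
    # True if a low-privilege principal holds an Allow ACE with a write right on $Path.
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $LowPrivPrincipals -contains $ace.IdentityReference.Value -and
            (($ace.FileSystemRights -band $WriteMask) -ne 0)) {
            return $true
        }
    }
    return $false
}

$findings = @()

# 1. Directories on the DLL load path that a standard user can write to.
$dirs = @(Get-Item -LiteralPath $InstallDir) +
        @(Get-ChildItem -LiteralPath $InstallDir -Directory -Recurse -ErrorAction SilentlyContinue)
foreach ($d in $dirs) {
    if (Test-LowPrivWrite -Path $d.FullName) {
        $findings += [pscustomobject]@{ Path = $d.FullName; Issue = 'Writable by low-privilege users' }
    }
}

# 2. DLLs whose Authenticode signature is missing or broken. A proxy DLL keeps the
#    vendor's export names (so the program still works) but cannot carry the vendor's
#    signature. Unsigned vendor DLLs show up here too, so compare against a known-good install.
$dlls = Get-ChildItem -LiteralPath $InstallDir -Filter *.dll -Recurse -ErrorAction SilentlyContinue
foreach ($f in $dlls) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    if ($sig.Status -ne 'Valid') {
        $findings += [pscustomobject]@{ Path = $f.FullName; Issue = "Signature status: $($sig.Status)" }
    }
}

$findings | Format-Table -AutoSize
```

Run it from an elevated prompt on the workstation that drives the X-ray unit; an empty table means neither precondition is present in that directory, while any row is something to fix (tighten the ACL) or investigate (an unexpected unsigned DLL).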
Importance of Vigilance
This discovery underscores the importance of ongoing vigilance in the healthcare industry. Medical devices, like X-ray software, can be attractive targets for attackers, and it’s crucial to have robust security measures in place.
Seek expert advice: If you have concerns about your X-ray software security, consult a cybersecurity professional at Blue Team Alpha.
By working together, we can help ensure that the healthcare industry is a safe and secure environment for patients and providers.
For more about this vulnerability, check out the CVE entry.
For a formal explanation of how the vulnerability works, review Damian’s write-up.