A high-severity vulnerability has been discovered in Panoramic Digital Imaging Software. Successful exploitation could allow a standard user to gain NT Authority/SYSTEM privileges. The vulnerability affects critical infrastructure in the healthcare and public health sectors in North America.
Damian Semon Jr. of Blue Team Alpha LLC discovered the vulnerability, which affects Digital Imaging Software v.9.1.2.7600 manufactured by Panoramic Corporation. It is caused by an uncontrolled search path element (CWE-427) that makes the software prone to DLL hijacking, allowing an attacker or a standard user to gain NT Authority/SYSTEM privileges. The vulnerability is tracked as CVE-2024-22774 and has been assigned a CVSS v4 base score of 8.5 and a CVSS v3.1 score of 7.8.
The vulnerability resides in an SDK component supplied by Oy Ajat Ltd, which is no longer supported. Panoramic Corporation has not released a patch, since the flaw does not affect a component owned by Panoramic Corporation. No mitigations have been issued. End users must contact Panoramic Corporation for more details by emailing [email protected]
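With no patch available, administrators can check whether the directories Windows may search for DLLs are writable by standard users, which is the precondition for a CWE-427 issue. The PowerShell below is an added example, not code from Panoramic, Oy Ajat or CISA; the `-ExtraDirectory` parameter is hypothetical and stands for the site-specific install folder of the imaging software, and the service check assumes the affected component runs in a SYSTEM process, which the advisory implies but does not detail.

```powershell
# Added example: list directories on the DLL search path that grant write
# access to broad, non-administrative principals.
param([string[]]$ExtraDirectory = @())  # hypothetical: site-specific install folder(s)

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$BroadSids   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
# Bits that allow creating or replacing a file inside a directory
$WriteBits   = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData'
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return }
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this directory itself
        if (([int]$ace.PropagationFlags -band $InheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable account: skip
        if ($BroadSids -contains $sid) {
            [pscustomobject]@{
                Directory = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

# Candidate directories: machine PATH, caller-supplied folders, and the
# folders holding binaries of services that run as LocalSystem.
$dirs  = @([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
$dirs += $ExtraDirectory
$dirs += Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' } |
    ForEach-Object {
        if ($_.PathName -match '^\s*"?([^"]+?\.exe)') { Split-Path -Parent $Matches[1] }
    }

$dirs | Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Sort-Object -Unique |
    ForEach-Object { Get-BroadWriteAce -Path $_ }
```

Any row in the output is a directory where a standard user could place a file; tightening that ACL so only administrators and SYSTEM can write removes the condition regardless of which library the application looks for.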
The vulnerability report was submitted to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA advises end-users and organizations to:
- Implement protective measures, such as limiting network exposure by disconnecting control system devices and networks from the Web, protecting control system networks with firewalls and separating them from business systems, and using secure methods whenever remote access is necessary, like a virtual private network (VPN).
- Conduct appropriate impact analysis and risk assessment before implementing safety measures.
- Download the recommended control systems security practices published on the ICS page at cisa.gov/ics. Various CISA products outlining cyber defense guidelines can be downloaded there, such as Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies, and ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies.
- Implement suggested cybersecurity techniques for the proactive protection of ICS assets.
Organizations that observe suspected malicious activity must follow their standard internal procedures and report their findings to CISA for tracking and correlation against other incidents. HIPAA training IT professionals should take note of this.
CISA has not received any reports of known public exploitation specifically targeting this vulnerability at this time. It is not possible to exploit this vulnerability remotely.