{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1696", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-02-21T00:48:26.810Z", "datePublished": "2024-03-11T16:51:58.503Z", "dateUpdated": "2024-08-12T20:31:28.073Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sante FFT Imaging", "vendor": "Santesoft", "versions": [{"lessThanOrEqual": "1.4.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinzl reported this vulnerability to CISA."}], "datePublic": "2024-03-05T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.</span>\n\n"}], "value": "In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-03-11T16:51:58.503Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Santesoft released an updated version of their product and recommends users update Sante FFT Imaging to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://santesoft.com/win/sante-fft-imaging/download.html\">v1.4.2</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;or later.</span>\n\n<br>"}], "value": "\nSantesoft released an updated version of their product and recommends users update Sante FFT Imaging to v1.4.2 https://santesoft.com/win/sante-fft-imaging/download.html \u00a0or later.\n\n\n"}], "source": {"advisory": "ICSMA-24-065-01", "discovery": "EXTERNAL"}, "title": "Santesoft Sante FFT Imaging Out-of-bounds Write", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.673Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "santesoft", "product": "fft_imaging", "cpes": ["cpe:2.3:a:santesoft:fft_imaging:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-11T17:37:46.240070Z", "id": "CVE-2024-1696", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T20:31:28.073Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.673Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1696", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-11T17:37:46.240070Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:santesoft:fft_imaging:-:*:*:*:*:*:*:*"], "vendor": "santesoft", "product": "fft_imaging", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T20:31:24.030Z"}}], "cna": {"title": "Santesoft Sante FFT Imaging Out-of-bounds Write", "source": {"advisory": "ICSMA-24-065-01", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinzl reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Santesoft", "product": "Sante FFT Imaging", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nSantesoft released an updated version of their product and recommends users update Sante FFT Imaging to v1.4.2 https://santesoft.com/win/sante-fft-imaging/download.html \u00a0or later.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Santesoft released an updated version of their product and recommends users update Sante FFT Imaging to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://santesoft.com/win/sante-fft-imaging/download.html\">v1.4.2</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;or later.</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-03-05T18:00:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.\n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-03-11T16:51:58.503Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1696", "state": "PUBLISHED", "dateUpdated": "2024-08-12T20:31:28.073Z", "dateReserved": "2024-02-21T00:48:26.810Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-03-11T16:51:58.503Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:santesoft:fft_imaging:*:*:*:*:*:*:*:*", "matchCriteriaId": "A718BF3B-0247-49E7-B3D5-DDE14C75869A", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.\n\n"}, {"lang": "es", "value": "En Santesoft Sante FFT Imaging versiones 1.4.1 y anteriores, una vez que un usuario abre un archivo DCM malicioso en las instalaciones de FFT Imaging afectadas, un atacante local podr\u00eda realizar una escritura fuera de los l\u00edmites, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2024-1696", "lastModified": "2025-02-18T13:43:18.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-11T17:15:46.007", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{}