Impact
The vulnerability is an unauthenticated remote code execution flaw that allows attackers to read and write arbitrary files through an exposed .NET Remoting TCP service on port 22222. By exploiting PGImageExchQueue.exe, an attacker can chain a file‑write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe. The chain causes the service to restart and load missing DLLs such as CRYPTSP.DLL from the application directory, thereby executing arbitrary code as NT Authority\SYSTEM. This privilege escalation provides the attacker with full control over the affected system.
Affected Systems
Hyland PACSgear PACS Scan version 5.2.1 is susceptible to the vulnerability. Only this product and version are currently documented as affected; other versions are not known to be impacted.
Risk and Exploitability
The flaw scores a CVSS of 9.3, indicating critical severity, and is reachable via a network connection to port 22222 without authentication. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires an actor to have network access to the host running PACS Scan; no administrative privileges or local access are needed to start the exploitation. Once the attacker establishes a connection, the vector of exploitation is simple: send a crafted payload that triggers the file write and DLL hijack, leading to system‑level code execution upon service restart.
OpenCVE Enrichment