Researchers have discovered many flaws in the software for the Canon Medical Vitrea View tool. Exploiting the weaknesses might expose the attacker to patient information and other associated services. Following the problem reports, Canon Medical rectified the flaws, requiring customers to upgrade their systems in order to obtain the changes.
Vulnerabilities in Canon Medical Vitrea
According to reports, Trustwave Spiderlabs researchers uncovered two separate vulnerabilities in Canon Medical Vitrea View software. According to their research, the weaknesses were in the third-party software that powered the Canon Medical application for viewing medical photos. An adversary might obtain access to patients’ data and other Vitrea View services by exploiting the weaknesses.
The initial vulnerability was a reflected cross-site scripting (XSS) vulnerability in the error message. The issue was discovered when the error page at /vitrea-view/error/ displayed to the user all input after the /error/ subfolder. While it had some minor constraints, a savvy user could get around them by using backticks (‘) and base64 encoding, as well as importing remote programmes.
The next vulnerability was similarly found as a reflected XSS, although it was present in the Vitrea View Administrative panel. The researchers described this vulnerability as follows:
When text is entered instead of the expected numerical inputs, the search for ‘groupID,’ ‘offset,’ and ‘limit’ on the administrative panel’s ‘Group and Users’ page all reflect their input back to the user. The mirrored input, like the prior discovery, is slightly limited in that it does not allow spaces.
To exploit the vulnerability, an attacker had to employ social engineering to deceive the target user into granting admin panel access. An attacker might simply accomplish this by providing the affected user a maliciously designed link. The attacker would then have administrative authority if they clicked the link. An attacker might view and access patients’ details, including photos and scans, by exploiting the weaknesses. Furthermore, the attacker might get access to critical service credentials and potentially manipulate the information based on the gained rights.
Canon Medical corrected the flaws.
Following this finding, Trustwave researchers responsibly revealed the vulnerabilities to Canon Medical management. In response, the suppliers fixed rolled out the patched software version 7.7.6 for their devices. Hence now, the experts recommend the users to upgrade their devices to the newest software version to acquire the fixes.