Santesoft’s Sante FFT Imaging is under scrutiny due to a critical vulnerability flagged by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). With a CVSS v3 score of 7.8 and low attack complexity, the identified Out-of-Bounds Write flaw in Sante FFT Imaging versions 1.4.1 and prior poses a significant risk. Exploiting this vulnerability enables a local attacker to execute arbitrary code upon a user opening a malicious DCM file within the affected FFT Imaging installations. This issue, tracked under CVE-2024-1696, calls for immediate attention within the healthcare and public health sectors, where Sante FFT Imaging is deployed worldwide. Michael Heinzl reported the vulnerability to CISA, emphasizing the importance of updating to Sante FFT Imaging version 1.4.2 or later.
To address this security concern, Santesoft has promptly released an updated version of their product. CISA recommends users adopt preventive measures against social engineering attacks, advising caution when interacting with unsolicited emails and attachments. The agency underscores the significance of proper impact analysis and risk assessment before deploying defensive measures. Organizations are encouraged to follow recommended cybersecurity strategies and leverage available resources on the ICS webpage for enhanced defense of Industrial Control Systems (ICS) assets. While no public exploitation targeting this vulnerability has been reported to CISA, organizations are urged to remain vigilant and report any suspicious activities in adherence to internal procedures. This notification serves as an essential prompt for users to update their software promptly and enhance their security posture in the face of potential risks.
