Varex Imaging Corporation: High-severity Vulnerability Patched in AJAT Panoramic Dental Imaging Software

High-Severity Vulnerability Patched in AJAT Panoramic Dental Imaging Software

A critical security flaw in AJAT Panoramic Dental Imaging Software has been patched following its discovery by security researcher Damian Semon Jr. of Blue Team Alpha Inc. The vulnerability, tracked as CVE-2024-22774, affects versions prior to 6.6.1.490 and stems from an uncontrolled search path element, enabling DLL hijacking attacks.

Exploiting this flaw could allow an attacker to escalate privileges to NT Authority/SYSTEM via the ccsservice.exe component, granting full control over affected systems. The bug carries a high-severity rating, with a CVSS v4 score of 8.5 and a CVSS v3.1 score of 7.8.

The software, now owned by Varex Imaging (following its acquisition of Direct Conversion Ltd., formerly Oy AJAT Ltd.), has received a patch. Users are urged to apply the update by running the installation executable on every workstation that runs the affected software.

The Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged the vulnerability, recommending mitigations such as restricting software access behind firewalls, avoiding direct internet exposure, and using secure remote connections like VPNs when necessary.
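A workstation audit for the two conditions the advisory describes, as an added example that is not code from Varex, AJAT, CISA or the original article. It assumes the affected component is registered as a Windows service whose binary is ccsservice.exe (the service name is not given, so it is matched on the binary path) and that the file version of ccsservice.exe tracks the fixed product version 6.6.1.490; it also goes beyond the advisory by checking every directory on the system PATH, since any writable entry on a DLL search path is the same class of weakness.

```powershell
# Added audit example (not Varex/AJAT/CISA code). Assumes ccsservice.exe is the
# service binary and that its file version tracks the fixed release 6.6.1.490.
$PatchedVersion = [System.Version]'6.6.1.490'

# True when a non-administrative principal can write into $Path, i.e. could
# place a DLL where a search-path lookup by a SYSTEM service would find it.
# Generic rights show up as numbers and are not matched here (known limitation).
function Test-WeakDirectoryAcl {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $rules = (Get-Acl -LiteralPath $Path).Access
    [bool]($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match 'Users|Everyone|Authenticated Users' -and
        $_.FileSystemRights -match 'Write|Modify|FullControl|CreateFiles'
    })
}

function Test-AjatWorkstation {
    $svc = Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match 'ccsservice\.exe' } |
        Select-Object -First 1
    if (-not $svc) { return [pscustomobject]@{ Installed = $false } }

    # PathName may be quoted and carry arguments; keep only the executable path.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split '\s+')[0] }
    $dir = Split-Path -Parent $exe

    # Version check: anything below 6.6.1.490 is in the affected range.
    $fileVersion = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
    $parsed = $null
    $vulnerableVersion = -not [System.Version]::TryParse($fileVersion, [ref]$parsed) -or
                         $parsed -lt $PatchedVersion

    # Search-path check: the service's own folder first, then each PATH entry.
    $searchDirs = @($dir) + ($env:Path -split ';' | Where-Object { $_ })
    $writable = $searchDirs | Where-Object { Test-WeakDirectoryAcl $_ }

    [pscustomobject]@{
        Installed          = $true
        Binary             = $exe
        RunsAsSystem       = ($svc.StartName -eq 'LocalSystem')
        FileVersion        = $fileVersion
        VulnerableVersion  = $vulnerableVersion
        WritableSearchDirs = @($writable)
    }
}

Test-AjatWorkstation | Format-List
```

A result with VulnerableVersion true, RunsAsSystem true and a non-empty WritableSearchDirs is the configuration the advisory warns about; the fix is the vendor patch plus tightening the ACL on any listed directory.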

Source: https://www.hipaajournal.com/high-severity-vulnerability-ajat-panoramic-dental-imaging-software/

Varex Imaging Corporation cybersecurity rating report: https://www.rankiteo.com/company/varex-imaging-corporation

{
  "id": "VAR1765562990",
  "linkid": "varex-imaging-corporation",
  "type": "Vulnerability",
  "date": "1/2024",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Medical Imaging',
                        'name': 'Varex Imaging',
                        'type': 'Corporation'}],
 'attack_vector': 'DLL Hijacking',
 'customer_advisories': 'Users advised to install the patch as soon as '
                        'possible',
 'description': 'A patch has been released to fix a high-severity '
                'vulnerability in AJAT Panoramic Dental Imaging software. The '
                'bug, tracked as CVE-2024-22774, affects the AJAT Panoramic '
                'Dental Imaging Software SDK and makes it vulnerable to DLL '
                'hijacking, potentially allowing an attacker to obtain NT '
                'Authority/SYSTEM as a standard user.',
 'impact': {'systems_affected': 'AJAT Panoramic Dental Imaging Software '
                                '(versions prior to 6.6.1.490)'},
 'investigation_status': 'Vulnerability patched',
 'post_incident_analysis': {'corrective_actions': 'Patch released to fix DLL '
                                                  'hijacking vulnerability',
                            'root_causes': 'Uncontrolled search path element '
                                           'in ccsservice.exe component'},
 'recommendations': ['Install the patch (version 6.6.1.490) on all affected '
                     'workstations',
                     'Locate software behind a firewall and prevent internet '
                     'access',
                     'Use secure remote access methods (e.g., VPN with latest '
                     'software)'],
 'references': [{'source': 'Blue Team Alpha Inc.'}, {'source': 'CISA'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to CISA'},
 'response': {'containment_measures': 'Patch released (version 6.6.1.490)',
              'network_segmentation': 'Recommended to locate software behind a '
                                      'firewall and prevent internet access',
              'remediation_measures': 'Users advised to install the patch on '
                                      'each workstation running the software'},
 'title': 'High-severity Vulnerability Patched in AJAT Panoramic Dental '
          'Imaging Software',
 'type': 'Privilege Escalation',
 'vulnerability_exploited': 'CVE-2024-22774 (Uncontrolled search path element)'}