Thursday, April 18, 2024

Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info

Trustwave researchers discovered two XSS flaws in Canon Medical’s Vitrea View tool that could expose patient information.

During a penetration test, Trustwave Spiderlabs’ researchers discovered two reflected cross-site scripting (XSS) vulnerabilities, collectively as CVE-2022-37461, in third-party software for Canon Medical’s Vitrea View. The Vitrea View tool allows viewing and securely share medical images through the DICOM standard.

An attacker can trigger the flaws to access/modify patient information (i.e. stored images and scans) and obtain additional access to some services associated with Vitrea View.

“If exploited an attacker could access patient information and obtain additional access to various services associated with Vitrea View.” reads the report published by Trustwave Spiderlabs.

The first issue is an unauthenticated Reflected XSS that resides in an error message at /vitrea-view/error/ which reflects all input after the /error/ subdirectory back to the user, with minor restrictions. The experts noticed that single and double quotes, and space characters can break the reflection. The use od backticks (`) and base64 encoding could allow avoiding these restrictions, however, and importing remote scripts.

The second issue is another Reflected XSS in the Vitrea View Administrative panel. An attacker can access the panel by tricking the victims into clicking on a specially crafted link. The experts discovered that search for ‘groupID’, ‘offset’, and ‘limit’ in the ‘Group and Users’ page of the administration panel all reflect their input back to the user when text is entered instead of the expected numerical inputs.

“Like the previous finding, the reflected input is slightly restricted, as it does not allow spaces. Once an authenticated admin is coerced into visiting the affected URL, it is possible to create and modify the Python, JavaScript and Groovy scripts used by the Vitrea View application.” continues the report.

The experts also published a proof of concept for both vulnerabilities.

Recommended:  Kaspersky crimeware report: Uncommon infection and propagation methods

Canon Medical addressed both vulnerabilities with the release of Vitrea View version 7.7.6.

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest Cybersecurity News

Cybersecurity Academy



Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates