A critical vulnerability has been discovered in the meddream MedDream PACS Premium software, a system used for managing medical images. This flaw could allow an unauthenticated attacker to gain elevated administrative privileges by uploading a malicious file, potentially leading to the unauthorized access, modification, or theft of sensitive patient health information. Due to the high severity and direct impact on patient data confidentiality, immediate action is required.

The vulnerability exists within the login.php component of the MedDream PACS software. The application fails to properly validate or sanitize files processed during the login functionality. An unauthenticated attacker can craft a malicious PHP file and submit it to the login.php endpoint. The server executes the code within this file, which can be used to escalate privileges, create a new administrator account, or establish a persistent web shell on the server, leading to a full system compromise.

This vulnerability is rated as critical severity with a CVSS score of 9.3. Successful exploitation could have a severe business impact, particularly for healthcare organizations. An attacker gaining administrative access to the PACS system could lead to a major data breach involving sensitive Protected Health Information (PHI). The consequences include unauthorized access, modification, or exfiltration of patient medical records and images, which could result in significant regulatory fines (e.g., under HIPAA), severe reputational damage, and a loss of patient trust. Furthermore, disruption of the PACS system could impede critical clinical workflows and patient care.

Immediate Action: The vendor has released a patch to address this vulnerability. All organizations using the affected software should immediately update meddream MedDream PACS Premium to the latest version. After patching, monitor for any further exploitation attempts and review historical access logs for signs of prior compromise.

Proactive Monitoring:

• Monitor web server and application logs for unusual POST requests to login.php, especially those containing file uploads or unexpected parameters.
• Implement file integrity monitoring to detect the creation of unauthorized .php or other executable files in the web root directory.
• Analyze network traffic for suspicious outbound connections from the PACS server, which could indicate a command-and-control channel.

Compensating Controls:

• If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to block malicious file uploads and suspicious requests targeting login.php.
• Restrict network access to the application's login page, allowing connections only from trusted internal IP address ranges.
• Harden file system permissions to prevent the web server's user account from writing to application directories.

Public Exploit Available: false

Due to the critical CVSS score of 9.3 and the potential for a complete compromise of the MedDream PACS system, we strongly recommend that organizations treat this vulnerability as a top priority. The risk of a severe data breach involving Protected Health Information (PHI) is extremely high. Although this CVE is not currently on the CISA KEV list, its severity makes immediate patching essential to prevent exploitation. If patching is delayed, implement the suggested compensating controls and enhance monitoring to detect and respond to any attack attempts.