A critical vulnerability has been identified in Sante PACS Server products, which could allow a remote attacker to cause a system crash. By sending a specially crafted message, an attacker can make the server unavailable, leading to a denial-of-service condition that could disrupt access to critical medical imaging data and impact clinical operations.

The vulnerability exists within the Sante PACS Server's processing of Health Level Seven (HL7) messages. A remote, unauthenticated attacker can send a single, malformed HL7 message to the server. The server's main thread fails to properly handle this crafted message, leading to an unhandled exception that causes the application to terminate abruptly, resulting in a denial-of-service (DoS).

This vulnerability is rated as High severity with a CVSS score of 7.5. A successful exploit would render the PACS server completely unavailable, directly impacting clinical workflows that rely on access to medical images like X-rays, CT scans, and MRIs. This disruption can delay patient diagnosis and treatment, posing a significant risk to patient safety and care. The resulting operational downtime can also lead to reputational damage and potential regulatory consequences for the healthcare organization.

Immediate Action: The primary remediation is to apply the security updates released by the vendor to all affected Sante PACS Servers immediately. Following the update, security teams should monitor for any signs of exploitation attempts and review system and access logs for anomalous activity preceding the patch.

Proactive Monitoring: Security teams should monitor network traffic for malformed or unusual HL7 messages targeting the PACS server. Correlate any application crash events or unexpected server reboots in the system logs with inbound network connections on the HL7 listening port. An increase in server downtime or instability should be treated as a potential indicator of an attack.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:

• Restrict network access to the HL7 service port, ensuring that only trusted and authorized internal medical systems can communicate with it.
• Deploy an Intrusion Prevention System (IPS) with signatures capable of detecting and blocking malformed HL7 traffic before it reaches the vulnerable server.

Public Exploit Available: false

Given the High severity of this vulnerability and its direct impact on critical healthcare systems, organizations are strongly advised to prioritize the deployment of vendor-supplied patches. While there is no current evidence of active exploitation, the low complexity of the attack means that it could be easily weaponized. Prompt remediation is essential to prevent disruption to clinical services and mitigate risks to patient care.