CVE-2025-1002

EPSS 0.1%
Veröffentlicht 10.02.2025 21:15:21
Zuletzt bearbeitet 03.03.2025 16:52:20
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

MicroDicom DICOM Viewer Improper Certificate Validation

MicroDicom DICOM Viewer version 2024.03

fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microdicom ≫ Dicom Viewer Version2024.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
ics-cert@hq.dhs.gov	5.7	0	0	CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2025-1002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1002

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-1002