Trustwave is warning healthcare organizations of two cross-site scripting (XSS) vulnerabilities in Canon Medical’s popular medical imaging sharing tool Vitrea View.

Touted as an enterprise viewing solution, Vitrea View is used by healthcare providers, physicians, and radiologists to securely share medical images that can then be accessed directly from the browser, on both desktop and mobile devices.

The two security holes, which are tracked collectively as CVE-2022-37461, are described as reflected XSS bugs in an error message and in the administrative panel.

According to Trustwave, the flaws could be exploited to retrieve patient information, including stored images and scans, as well as to modify the information. The bugs could also lead to the compromise of sensitive information and credentials for services that are integrated with Vitrea View.

Exploitable without authentication, the first of the vulnerabilities exists in an error page located at /vitrea-view/error/, where all input after the /error/ subdirectory is reflected back to the user.

“Once a user has been coerced into navigating to the affected URL if they have a valid Vitrea View session their session could be used to potentially retrieve patient information, retrieve their stored images or scans and modify their information depending on privileges of the session,” Trustwave says.

Residing in the tool’s administrative panel, the second vulnerability impacts the search function in the 'Group and Users' page. When searching for 'groupID', 'offset', and 'limit', the input is reflected back to the user “when text is entered instead of the expected numerical inputs”.

“Like the previous finding, the reflected input is slightly restricted, as it does not allow spaces. Once an authenticated admin is coerced into visiting the affected URL, it is possible to create and modify the Python, JavaScript and Groovy scripts used by the Vitrea View application,” Trustwave explains.

The cybersecurity firm has published proof-of-concept (PoC) code targeting the vulnerability.

Canon Medical resolved the identified flaws with the release of Vitrea View version 7.7.6.
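Both reflection points described above come down to the same two server-side controls: strict typing of the numeric search parameters and HTML-encoding of anything echoed into a page. The sketch below is an added example, not Canon Medical's or Trustwave's code; the function names, the default value and the `MAX_VALUE` bound are assumptions, and only the parameter names and the error path come from the article.

```python
import html
from urllib.parse import unquote

# Parameter names come from the article; everything else here is hypothetical.
NUMERIC_PARAMS = ("groupID", "offset", "limit")
MAX_VALUE = 1_000_000  # assumed upper bound, for illustration only
ERROR_PREFIX = "/vitrea-view/error/"  # path named in the article


def parse_search_params(query: dict) -> dict:
    """Accept only plain non-negative integers; reject instead of echoing."""
    clean = {}
    for name in NUMERIC_PARAMS:
        raw = query.get(name, "0")  # assumed default when a parameter is absent
        # isascii() + isdigit() rejects signs, markup and non-ASCII digits.
        if not (raw.isascii() and raw.isdigit()) or int(raw) > MAX_VALUE:
            # The message names the parameter, never the submitted value.
            raise ValueError(f"{name} must be a non-negative integer")
        clean[name] = int(raw)
    return clean


def render_error_page(request_path: str) -> str:
    """Build the error body with the reflected path segment HTML-escaped."""
    tail = ""
    if request_path.startswith(ERROR_PREFIX):
        tail = unquote(request_path[len(ERROR_PREFIX):])
    # html.escape encodes <, >, & and both quote characters.
    return f"<p>Error: {html.escape(tail, quote=True)}</p>"


def strip_spaces_only(value: str) -> str:
    """The 'no spaces' restriction from the article, kept for contrast."""
    return value.replace(" ", "")


# Constructed input: harmless markup that contains no spaces.
SAMPLE_TAIL = "<i>not-a-number</i>"
```

`strip_spaces_only(SAMPLE_TAIL)` returns the markup unchanged, which is why the space restriction Trustwave mentions limits the input but does not fix the reflection. Encoding and type validation do.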