Privilege Escalation Vulnerability in Medicalis Workflow Orchestrator
Publication Date: 2024-07-08
Last Update: 2024-07-08
Current Version: V 1.0
CVSS v3.1 Base Score: 7.8
CVSS v4.0 Base Score: 8.5
SUMMARY
Medicalis Workflow Orchestrator contains a privilege escalation vulnerability that could allow a local attacker to escalate privileges.
Siemens Healthineers recommends countermeasures for products where fixes are not, or not yet available.
WORKAROUNDS AND MITIGATIONS
- Currently no fix is planned
- Remove the 'Medicalis Workflow Orchestrator Client Updater Windows Service'
Product specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.
GENERAL SECURITY RECOMMENDATIONS
In addition, Siemens Healthineers generally recommends the following:
- Ensure you have appropriate backups and system restoration procedures.
- Securely delete any backup files that are no longer needed.
- For specific patch and remediation guidance information contact your local Siemens Healthineers Customer Service Engineer, portal or our Regional Support Center. To find your local contact, please refer to https://www.siemens-healthineers.com/how-can-we-help-you
PRODUCT DESCRIPTION
Medicalis Workflow Orchestrator (WFO) is an enterprise level software solution that manages radiologist reading workflow across radiology practices and legacy platforms.
VULNERABILITY CLASSIFICATION
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
Vulnerability CVE-2024-37999
The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.
CVSS v3.1 Base Score:
7.8
CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score:
8.5
CVSS v4.0 Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE:
CWE-282: Improper Ownership Management
ACKNOWLEDGMENTS
Siemens Healthineers thanks the following parties for their efforts:
- Brett Gustafson from Evolve Security for coordinated disclosure
ADDITIONAL INFORMATION
To eliminate the vulnerability, the Medicalis Workflow Orchestrator Client Updater Windows Service should be deleted. Doing so will not prevent client updates from happening and has no impact on user workflows. The client will update when it is launched, and manual updates can still be performed using the System Tray task application.
To delete the service from a client workstation and anywhere else the client is installed:
Run PowerShell as Administrator
Run the following from the command line:
net stop "Medicalis Workflow Orchestrator Client Updater"
And then:
sc.exe delete "Medicalis Workflow Orchestrator Client Updater"
(In a PowerShell session a bare "sc" resolves to the Set-Content alias rather than the Service Control tool, so the executable is named explicitly as sc.exe.)
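As an added example, not part of the advisory: a PowerShell script that audits a workstation for the Client Updater service, records the account it runs under (the property relevant to CWE-282), and, only when -Remediate is given, performs the stop and delete steps above and verifies the result. It assumes the quoted string is the service's Name or DisplayName, as the advisory's own commands use it.

```powershell
# Added example (not from the Siemens Healthineers advisory): audit and, with
# -Remediate, remove the WFO Client Updater service as the advisory recommends.
# Assumes the string below is the service's Name or DisplayName. Run elevated.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ServiceName = 'Medicalis Workflow Orchestrator Client Updater',
    [switch]$Remediate
)

# Match on either Name or DisplayName; the advisory's net/sc commands accept both.
$svc = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -eq $ServiceName -or $_.DisplayName -eq $ServiceName }

if (-not $svc) {
    Write-Output "OK: '$ServiceName' is not installed on $env:COMPUTERNAME"
    return
}

# Audit record: the account the service runs as (StartName) is what makes the
# issue a privilege escalation (CWE-282), so record it before removal.
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Name       = $svc.Name
    State      = $svc.State
    StartMode  = $svc.StartMode
    RunsAs     = $svc.StartName
    BinaryPath = $svc.PathName
} | Format-List

if (-not $Remediate) {
    Write-Warning "Service present; re-run with -Remediate to stop and delete it."
    return
}

if ($PSCmdlet.ShouldProcess($svc.Name, 'Stop and delete service')) {
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force -ErrorAction Stop
    }
    # A bare 'sc' is PowerShell's Set-Content alias, so call sc.exe explicitly.
    & sc.exe delete $svc.Name | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe delete failed (exit $LASTEXITCODE)" }

    # Verify the service is no longer registered on this host.
    if (Get-Service -Name $svc.Name -ErrorAction SilentlyContinue) {
        throw "'$($svc.Name)' still present after delete; a reboot may be pending"
    }
    Write-Output "Removed '$($svc.Name)' from $env:COMPUTERNAME"
}
```

Running it without -Remediate is safe for fleet-wide inventory; the -WhatIf switch is honoured by the stop-and-delete step.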
For further inquiries on security vulnerabilities in Siemens Healthineers products and solutions, please contact Siemens Healthineers using the following link: https://www.siemens-healthineers.com/cybersecurity
HISTORY DATA
V1.0 (2024-07-08): Publication Date
TERMS OF USE
Siemens Healthineers Security Advisories are subject to the terms and conditions contained in Siemens Healthineers’ underlying license terms or other applicable agreements previously agreed to with Siemens Healthineers (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Healthineers Security Advisory, the Terms of Use of Siemens Healthineers’ Global Website (https://www.siemens-healthineers.com/terms-of-use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.