vulnerability

MicroDicom DICOM Viewer: CVE-2024-33606: Improper Authorization in Handler for Custom URL Scheme

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Jun 11, 2024	Apr 15, 2025	Jul 3, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Jun 11, 2024

Added

Apr 15, 2025

Modified

Jul 3, 2025

Description

An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability.

Solution

microdicom-dicom-viewer-upgrade-latest

References

CWE-939
CWE-862
CVE-2024-33606
https://attackerkb.com/topics/CVE-2024-33606
URL-https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-163-01

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today