Overview
It was announced that there is a security vulnerability in the Remote Desktop Service (software for remote control from other computers) in the Windows OS. And there is a possibility that an attacker who successfully exploited this vulnerability could install software, view data, change data, or delete data. At this time, no attack code or attack damage that exploits this vulnerability has been confirmed.
Security Risk Evaluation Result
The evaluation results of Common Vulnerability Scoring System (CVSS) is 9.8 (critical level) and the degree of impact on confidentiality, integrity, and availability is also rated as “high”. The attack method is as simple as sending a specially crafted RDP request to the remote desktop service of the target system.
Affected products
・
|
VL Medical Imaging Products
|
|
(Windows XP/Windows 7)
|
- Infinix-i V4.x/V5.x (DFP)
|
|
(Windows XP)
|
|
- Infinix-i V4.x/V5.x (Angio Workstation)
|
|
(Windows XP)
|
|
- Alphenix V8.x (Angio Workstation)
|
|
(Windows 7)
|
|
・
|
CT Medical Imaging Products
|
|
(Windows Server 2003 / Windows Server 2008)
|
- TSX series with SUREXtension option (COT-49D)
|
|
||
・
|
MR Medical Imaging Products
|
|
(Windows XP/Windows 7)
|
- MRT series
|
|
(Windows XP)
|
|
- MRT series
|
|
(Windows 7)
|
・
|
CT TSX series with SUREXtension option
|
|
(Windows Server 2003 / Windows Server 2008)
|
- Release date: 06/03/2019 (Release No.17 or later)
|
|||
・
|
MR MRT series
|
|
(Windows 7)
|
- Release date: 06/27/2019 (Release No.18 or later)
|
・
|
VL Infinix-i V4.x/V5.x (DFP)
|
|
(Windows XP)
|
- Release date: 11/27/2019 (FSM-XR4348)
|
|||
・
|
VL Infinix-i V4.x/V5.x (Angio Workstation)
|
|
(Windows XP)
|
- Release date: 11/27/2019 (FSM-XR4348)
|
|||
・
|
VL Alphenix V8.x (Angio Workstation)
|
|
(Windows 7)
|
- Release date: 11/27/2019 (FSM-XR4348)
|
|||
・
|
MR MRT series
|
|
(Windows XP)
|
- Release date: 11/25/2019 (FSM-MR3570*A)
|
Service Name
|
Protocol type and used port number
|
TermService
|
TCP 3389 port |
© Canon Medical Systems Asia Pte. Ltd.
© Canon Medical Systems Asia Pte. Ltd.