ECSIMAGING PACS Command Injection and Local File Inclusion Scanner

Detects a 'Remote Code Execution (RCE)' vulnerability in ECSIMAGING PACS that affects versions <= 6.21.5. This scanner helps identify serious security flaws to mitigate risks and protect systems.

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 3 weeks 19 hours
Scan only one: URL
Toolbox: -

ECSIMAGING PACS is utilized primarily in medical imaging facilities for storing and retrieving digital X-ray, MRI, and CT scans. It serves radiologists, doctors, and other healthcare professionals by improving the accessibility and management of medical imaging data. These systems are often integrated into larger hospital IT infrastructures, allowing seamless sharing of critical diagnostic information. The software aids in enhancing patient care by facilitating quick and reliable access to images needed for medical assessments and treatments. PACS is commonly used across hospitals, private clinics, and telemedicine platforms around the world, reflecting its critical role in modern medical diagnostics.

The vulnerability identified in ECSIMAGING PACS is a Remote Code Execution (RCE), allowing malicious actors to execute arbitrary commands on the vulnerable server. This occurs due to improper handling and lack of validation in the 'file' parameter on the page /showfile.php. Without proper sanitization, external input can manipulate normal application flow and execute unauthorized commands. As RCE is critical, it can permit attackers to gain control over affected systems, potentially leading to data theft, modification, or service disruption. It poses severe consequences, underscoring the importance of addressing this security flaw.

Technical investigation reveals that the 'file' parameter in /showfile.php of ECSIMAGING PACS version 6.21.5 and below is susceptible to command injection attacks. Exploiting this, attackers can leverage local file inclusion to access sensitive files like /etc/passwd, potentially compromising user credentials. Moreover, systems with the www-data user account having sudo NOPASSWD privileges are especially vulnerable, as attackers can escalate their access. These vulnerabilities are easily exploited with minimal technical complexity, emphasizing the requirement for robust input validation mechanisms.
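
A defender-side check for the issue described above, added here as an example and not taken from the scanner or the vendor: it scans web access logs for requests to /showfile.php whose 'file' parameter carries shell metacharacters, traversal sequences or an absolute path. The combined log format, the sample lines and the rule that legitimate values are relative file names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /showfile.php?file=scan01.jpg HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2024:10:00:07 +0000] "GET /showfile.php?file=/etc/passwd HTTP/1.1" 200 1833
203.0.113.9 - - [10/Jan/2024:10:00:09 +0000] "GET /showfile.php?file=scan01.jpg%3BCMD HTTP/1.1" 200 0
203.0.113.9 - - [10/Jan/2024:10:00:12 +0000] "GET /showfile.php?file=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1833
198.51.100.2 - - [10/Jan/2024:10:00:15 +0000] "GET /index.php?file=/etc/passwd HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters a shell treats specially; none belong in an image file name.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")

def fully_decode(value, rounds=3):
    # Undo nested URL-encoding (e.g. %252f) so the checks see the final string.
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(value):
    """Return the reasons a 'file' value looks like abuse, or [] if it looks benign."""
    v = fully_decode(value)
    reasons = []
    if SHELL_META.search(v):
        reasons.append("shell-metacharacter")
    if ".." in v.replace("\\", "/").split("/"):
        reasons.append("path-traversal")
    if v.startswith("/"):  # assumption: legitimate values are relative names
        reasons.append("absolute-path")
    return reasons

def scan(log_text, path="/showfile.php", param="file"):
    """Return (client, value, reasons) for each suspicious request to the endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or urlsplit(m.group(2)).path != path:
            continue
        query = urlsplit(m.group(2)).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            reasons = classify(value)
            if reasons:
                findings.append((m.group(1), value, reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that the endpoint was probed; confirm exposure by checking the installed version against 6.21.5 and reviewing whether www-data holds sudo NOPASSWD rights.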

Exploitation of this vulnerability can have severe implications, such as unauthorized access to sensitive medical data and complete control over affected servers. Healthcare data breaches can result in financial losses, damage to reputations, and jeopardized patient privacy. Malicious attackers might manipulate or delete critical images or records, affecting patient care. Additionally, attackers who obtain server control might launch further attacks or exfiltrate sensitive data for malicious purposes. This highlights the urgent need for addressing these security concerns to protect against potential exploits.
