All the vulnerabilites related to Fujidenolo Solutions Co., Ltd. - SonicDICOM Media Viewer
cve-2024-29734
Vulnerability from cvelistv5
Published
2024-04-03 07:11
Modified
2024-10-31 13:51
Severity ?
EPSS score ?
Summary
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN40367518/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Fujidenolo Solutions Co., Ltd. | SonicDICOM Media Viewer |
Version: 2.3.2 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujidenolo_solutions_co_ltd.:sonicdicom_media_viewer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sonicdicom_media_viewer",
"vendor": "fujidenolo_solutions_co_ltd.",
"versions": [
{
"lessThan": "2.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T13:41:04.894082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:51:55.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40367518/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicDICOM Media Viewer",
"vendor": "Fujidenolo Solutions Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.3.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T07:11:05.544Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN40367518/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-29734",
"datePublished": "2024-04-03T07:11:05.544Z",
"dateReserved": "2024-03-19T09:16:03.999Z",
"dateUpdated": "2024-10-31T13:51:55.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2024-000034
Vulnerability from jvndb
Published
2024-03-27 14:31
Modified
2024-03-27 14:31
Severity ?
Summary
SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
Details
SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. After the coordination was completed, Taihei Shimamine reported the case to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Fujidenolo Solutions Co., Ltd. | SonicDICOM Media Viewer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000034.html",
"dc:date": "2024-03-27T14:31+09:00",
"dcterms:issued": "2024-03-27T14:31+09:00",
"dcterms:modified": "2024-03-27T14:31+09:00",
"description": "SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTaihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. After the coordination was completed, Taihei Shimamine reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000034.html",
"sec:cpe": {
"#text": "cpe:/a:misc:fujidenolo_solutions_sonicdicom_media_viewer",
"@product": "SonicDICOM Media Viewer",
"@vendor": "Fujidenolo Solutions Co., Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000034",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN40367518/index.html",
"@id": "JVN#40367518",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-29734",
"@id": "CVE-2024-29734",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries"
}