Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for SonicDICOM Media Viewer by Fujidenolo Solutions Co., Ltd.

    CVE-2024-29734 (GCVE-0-2024-29734)

    Vulnerability from nvd – Published: 2024-04-03 07:11 – Updated: 2024-10-31 13:51
    VLAI
    Summary
    Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Uncontrolled Search Path Element
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fujidenolo Solutions Co., Ltd. SonicDICOM Media Viewer Affected: 2.3.2 and earlier
    Create a notification for this product.
    fujidenolo_solutions_co_ltd. sonicdicom_media_viewer Affected: 0 , < 2.3.2 (custom)
        cpe:2.3:a:fujidenolo_solutions_co_ltd.:sonicdicom_media_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujidenolo_solutions_co_ltd.:sonicdicom_media_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sonicdicom_media_viewer",
                "vendor": "fujidenolo_solutions_co_ltd.",
                "versions": [
                  {
                    "lessThan": "2.3.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29734",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:41:04.894082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:51:55.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:10:55.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN40367518/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicDICOM Media Viewer",
              "vendor": "Fujidenolo Solutions Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T07:11:05.544Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/jp/JVN40367518/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-29734",
        "datePublished": "2024-04-03T07:11:05.544Z",
        "dateReserved": "2024-03-19T09:16:03.999Z",
        "dateUpdated": "2024-10-31T13:51:55.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29734 (GCVE-0-2024-29734)

    Vulnerability from cvelistv5 – Published: 2024-04-03 07:11 – Updated: 2024-10-31 13:51
    VLAI
    Summary
    Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Uncontrolled Search Path Element
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fujidenolo Solutions Co., Ltd. SonicDICOM Media Viewer Affected: 2.3.2 and earlier
    Create a notification for this product.
    fujidenolo_solutions_co_ltd. sonicdicom_media_viewer Affected: 0 , < 2.3.2 (custom)
        cpe:2.3:a:fujidenolo_solutions_co_ltd.:sonicdicom_media_viewer:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fujidenolo_solutions_co_ltd.:sonicdicom_media_viewer:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sonicdicom_media_viewer",
                "vendor": "fujidenolo_solutions_co_ltd.",
                "versions": [
                  {
                    "lessThan": "2.3.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29734",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:41:04.894082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:51:55.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:10:55.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN40367518/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicDICOM Media Viewer",
              "vendor": "Fujidenolo Solutions Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T07:11:05.544Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jvn.jp/en/jp/JVN40367518/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-29734",
        "datePublished": "2024-04-03T07:11:05.544Z",
        "dateReserved": "2024-03-19T09:16:03.999Z",
        "dateUpdated": "2024-10-31T13:51:55.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2024-000034

    Vulnerability from jvndb - Published: 2024-03-27 14:31 - Updated:2024-03-27 14:31
    Severity
    Summary
    SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
    Details
    SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. After the coordination was completed, Taihei Shimamine reported the case to JPCERT/CC to notify users of the solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000034.html",
      "dc:date": "2024-03-27T14:31+09:00",
      "dcterms:issued": "2024-03-27T14:31+09:00",
      "dcterms:modified": "2024-03-27T14:31+09:00",
      "description": "SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTaihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated. After the coordination was completed, Taihei Shimamine reported the case to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000034.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:fujidenolo_solutions_sonicdicom_media_viewer",
        "@product": "SonicDICOM Media Viewer",
        "@vendor": "Fujidenolo Solutions Co., Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000034",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN40367518/index.html",
          "@id": "JVN#40367518",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-29734",
          "@id": "CVE-2024-29734",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries"
    }