Canon Medical Systems Security Advisory

Overview:
It was announced that there is security vulnerability that affects Microsoft Remote Procedure Call (RPC) runtime. A remote code execution vulnerability exists when an attacker sends a specially crafted RPC call to an RPC host. An attacker who successfully exploited this vulnerability could run arbitrary code.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809

Vulnerability Overview:
RPC is a communication method for calling and executing programs from other terminals connected to the network. CVE-2022-26809 is a remote code execution vulnerability in Microsoft RPC runtime and affects Windows. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. Microsoft RPC allows for messages to be transmitted in different ways.

• SMB (port 445 TCP or port 139 TCP) are most common. The commands over SMB are sent as named pipe writes that are then passed to the respective service.
• Via TCP (port 135 TCP and high port). The clients first connect to an endpoint mapper which will return the port number the service uses. Then a second TCP connection to the high port will be transmitting the RPC message.
• Via HTTP (default port 593). This is useful if RPC is exposed over the Internet. TLS can be used for encryption and HTTP may provide additional authentication options.

• UL Medical Imaging Products
• NM Medical Imaging Products

• CT Medical Imaging Products
• MR Medical Imaging Products
• VL Medical Imaging Products
• XR Medical Imaging Products