Remote Procedure Call Runtime Vulnerability (CVE-2022-26809)
Canon Medical Systems Security Advisory
Overview:
It was announced that there is security vulnerability that affects Microsoft Remote Procedure Call (RPC) runtime. A remote code execution vulnerability exists when an attacker sends a specially crafted RPC call to an RPC host. An attacker who successfully exploited this vulnerability could run arbitrary code.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
Vulnerability Overview:
RPC is a communication method for calling and executing programs from other terminals connected to the network. CVE-2022-26809 is a remote code execution vulnerability in Microsoft RPC runtime and affects Windows. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. Microsoft RPC allows for messages to be transmitted in different ways.
- SMB (port 445 TCP or port 139 TCP) are most common. The commands over SMB are sent as named pipe writes that are then passed to the respective service.
- Via TCP (port 135 TCP and high port). The clients first connect to an endpoint mapper which will return the port number the service uses. Then a second TCP connection to the high port will be transmitting the RPC message.
- Via HTTP (default port 593). This is useful if RPC is exposed over the Internet. TLS can be used for encryption and HTTP may provide additional authentication options.
Possible Affected Canon Medical Systems Products:
The following products are not affected because it is blocking RPC related ports (135, 139, 445, 593).
- UL Medical Imaging Products
- NM Medical Imaging Products
The following products may be affected potentially:
- CT Medical Imaging Products
- MR Medical Imaging Products
- VL Medical Imaging Products
- XR Medical Imaging Products
At this time, we have not received any reports that this vulnerability has been exploited.
Resolution:
Canon Medical Systems Corporation will provide the update information for Microsoft vulnerabilities. The current schedule is as follows. The schedule will be updated.
CT |
Aquilion Precision V10.10 |
April 2022 |
Aquilion ONE V10.12 |
May 2022 |
Aquilion Exceed LB V10.9 |
July 2022 |
Mitigations:
The mitigation measures include the following.
- Block RPC related ports (135, 139, 445, 593) at the Firewall appliance on the facilities network