Canon Medical Systems Security Advisory

Overview:
It was announced that there is security vulnerability that affects Windows TCP/IP. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.
REF: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34718

Vulnerability Overview:
An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine. Only systems with the IKE and AuthIP IPsec Keying Modules running are vulnerable to this attack. And systems are not affected if IPv6 is disabled on the target machine.

Possible Affected Canon Medical Systems Products:
Canon Medical Systems Corporation is aware of the remote code execution vulnerability in Windows TCP/IP module, identified as CVE-2022-34718. Since this vulnerability uses IPv6 and we do not, it is assumed that there is unlikely to affect to our products. And we have not confirmed that this vulnerability has been exploited in our products at this time.

Canon Medical Systems Corporation continues to analyze and address potential impacts to our products and will update this security advisory as the investigation continues.

Resolution:
None