Microsoft Message Queuing (MSMQ) Vulnerability (CVE-2023-21554)
Canon Medical Systems Security Advisory
Overview:
It was announced that there is security vulnerability that affects Microsoft Message Queuing (MSMQ). MSMQ is a Windows OS functionality used to communicate between applications, which allows synchronous/asynchronous communication. MSMQ has a remote code execution vulnerability that could allow an attacker to execute arbitrary code if exploited.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
Vulnerability Overview:
CVSS score (v3.1) is 9.8 (Critical).
To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server using TCP port 1801.
Possible Affected Canon Medical Systems Products:
The systems which are enabled MSMQ and opens TCP port 1801 are affected.
The following Canon Medical Systems products are affected.
・UL Medical Imaging Products
・MR Medical Imaging Products
Resolution:
Canon Medical Systems Corporation is providing the security update information for Microsoft vulnerabilities.
CVE-2023-21554 has been patched by Microsoft OS monthly cumulative 2023-04 or later.
Regarding applicable patch list, please see the below link.
https://global.medical.canon/service-support/securityinformation/productsecurityupdate/security_update
For inquiries concerning these subject products, please contact the nearest branch office, sales/service office.
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
