Windows TCP/IP Vulnerabilities (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086)


Canon Medical Systems Security Advisory


Remote code execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and a denial of service (DoS) vulnerability (CVE-2021-24086) exist in the Windows TCP/IP stack. The two RCE vulnerabilities are complex, which makes it difficult to create functional exploits. DoS exploits for these CVEs would allow a remote attacker to cause a stop error.
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074
     https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094
     https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24086

Overview:
CVE-2021-24074 is a vulnerability in the Windows system's handling of inbound IPv4 packets. Exploitation of this vulnerability is usually blocked by default by firewalls and routers, so it is less likely to be exploited.
CVE-2021-24086 and CVE-2021-24094 are vulnerabilities related to IPv6 packets. These vulnerabilities do not apply when the network is not configured for IPv6.
These vulnerabilities are currently awaiting updated analysis, and this advisory represents our best knowledge as of the most recent revision. As a result, the content is subject to change as further analysis is performed and the results are updated.
Canon Medical Systems Corporation continues to investigate the applicability of these vulnerabilities to Medical Imaging Devices manufactured by Canon Medical Systems Corporation.

REFERENCE:
MITRE CVE-2021-24074, CVE-2021-24094, CVE-2021-24086
These vulnerabilities are applicable to Microsoft Windows systems.

Workarounds:
The following workarounds for your network reduce the possibility of a security incident caused by these vulnerabilities.

  • Configure firewalls or load balancers to disallow IPv4 source routing requests.
  • Configure firewalls or load balancers to disallow IPv6 fragmentation.
