Home

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

PUBLISHED Reserved 2025-11-11 | Published 2025-12-02 | Updated 2025-12-02 | Assigner icscert




HIGH: 7.1CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.0CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

Any version before 23.0
affected

Credits

Joe Dillon reported these vulnerabilities to Mirion Medical. finder

References

www.cisa.gov/...vents/ics-medical-advisories/icsma-25-336-01

cve.org (CVE-2025-64642)

nvd.nist.gov (CVE-2025-64642)