CVE-2024-50591: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in HASOMED Elefant Software Updater
An attacker with local access to the medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating via Windows Named Pipes with the Elefant Update Service, which is running as "SYSTEM".
The Elefant Software Updater (ESU) consists of two components: an ESU service, which runs as "NT AUTHORITY\SYSTEM", and an ESU tray client, which communicates with the service to update or repair the installation and runs with user permissions. The communication is implemented using named pipes. A crafted message of type "MessageType.SupportServiceInfos" can be sent to the local ESU service to inject commands, which are then executed as "NT AUTHORITY\SYSTEM".
AI Analysis
Technical Summary
CVE-2024-50591 is a command injection vulnerability, classified under CWE-77, in the HASOMED Elefant Software Updater (ESU), a software component used primarily in medical office environments. The ESU consists of two parts: a service running with NT AUTHORITY\SYSTEM privileges and a tray client running with user-level permissions. The two components communicate via Windows Named Pipes. The vulnerability exists because the ESU service does not properly neutralize input received in one message type, "MessageType.SupportServiceInfos", so an attacker can inject arbitrary commands. An attacker with local access to the machine can exploit this by sending a crafted message to the ESU service, which executes the injected commands with SYSTEM privileges. The result is privilege escalation from a standard user to SYSTEM and full control over the affected system. The vulnerability affects all versions prior to 1.4.2.1811. The CVSS v3.1 score is 7.8 (high severity): the attack vector is local, but attack complexity is low and no user interaction is required. The flaw compromises confidentiality, integrity, and availability by enabling full system compromise. Although no public exploits are known at this time, the vulnerability is of particular concern in environments where local user access is possible, such as shared medical office computers or multi-user systems.
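The CWE-77 pattern described above, as an added illustration that is not HASOMED's code: a privileged message handler that pastes a client-supplied field into a shell command line, next to a hardened form that validates the field against an allow-list and builds an argument vector. The message layout, the `log_name` field and the tool path are hypothetical.

```python
import re

# Assumptions (not from the advisory): the message layout, the "log_name"
# field and the helper tool path below are hypothetical placeholders.
TOOL = r"C:\Program Files\ExampleVendor\collect_info.exe"
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}\.log")


def command_line_unsafe(msg):
    """CWE-77 pattern: text from the unprivileged pipe client is pasted into
    a string that cmd.exe will parse, so shell metacharacters keep their
    special meaning when the privileged service runs it."""
    return 'cmd.exe /c ""' + TOOL + '" --out ' + msg["log_name"] + '"'


def argv_hardened(msg):
    """Treat every field from the lower-privileged client as untrusted:
    check the message type, validate the field against a strict allow-list,
    and return an argument vector meant for a no-shell process launch
    (for example subprocess.run(argv, shell=False))."""
    if msg.get("type") != "SupportServiceInfos":
        raise ValueError("unexpected message type")
    name = msg.get("log_name")
    if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
        raise ValueError("log_name rejected by allow-list")
    return [TOOL, "--out", name]


if __name__ == "__main__":
    # Constructed sample messages.
    benign = {"type": "SupportServiceInfos", "log_name": "support.log"}
    crafted = {"type": "SupportServiceInfos",
               "log_name": "support.log & echo injected"}
    print(command_line_unsafe(crafted))  # metacharacter reaches the shell
    print(argv_hardened(benign))         # fixed program, validated argument
    try:
        argv_hardened(crafted)
    except ValueError as exc:
        print("rejected:", exc)
```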
Potential Impact
For European organizations, particularly those in the healthcare sector using HASOMED Elefant software, this vulnerability poses a significant risk. Exploitation allows attackers to gain SYSTEM-level privileges, potentially leading to unauthorized access to sensitive patient data, disruption of medical software operations, and the ability to install persistent malware or ransomware. The confidentiality of protected health information (PHI) is at risk, which can result in violations of GDPR and other data protection regulations. The integrity of medical records and software configurations can be compromised, affecting patient care quality and trust. Availability may be impacted if attackers disable or manipulate critical medical software components. Because exploitation requires local access, the primary concern is insider threats and attackers who have physical access or a local session obtained remotely (e.g., via remote desktop or terminal services). The vulnerability could also facilitate lateral movement within hospital networks, escalating the threat to broader organizational IT infrastructure.
Mitigation Recommendations
1. Immediately update the HASOMED Elefant Software Updater to version 1.4.2.1811 or later, where the vulnerability is patched.
2. Restrict local access to medical office computers running the ESU service to authorized personnel only, enforcing strict access controls and user account management.
3. Monitor and audit usage of named pipes and inter-process communications on affected systems to detect anomalous or unauthorized messages targeting the ESU service.
4. Employ application whitelisting and endpoint protection solutions capable of detecting and blocking unauthorized command execution attempts.
5. Implement network segmentation and endpoint isolation to limit the ability of attackers to gain local access or move laterally within healthcare networks.
6. Conduct regular security awareness training for staff to reduce risks of insider threats and accidental local compromise.
7. Maintain up-to-date backups of critical medical data and system configurations to enable recovery in case of compromise.
8. Consider deploying host-based intrusion detection systems (HIDS) to alert on suspicious privilege escalation activities.
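One way to act on recommendations 3 and 8, as an added example that is not part of the original advisory: a filter over process-creation events (Sysmon Event ID 1 field names) that flags SYSTEM processes spawned by the updater service when they are not on an expected-children list. The service and installer executable names are placeholders, since the advisory does not give them, and the events are constructed.

```python
import json

# Placeholders: the advisory does not name the ESU executables.
SERVICE_IMAGE = "ESU_SERVICE_PLACEHOLDER.exe"
EXPECTED_CHILDREN = {"esu_installer_placeholder.exe"}

# Constructed sample events, one JSON object per line.
EVENTS = r"""
{"EventID": 1, "UtcTime": "2025-01-01 10:00:00.000", "User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Program Files\\Example\\esu_installer_placeholder.exe", "CommandLine": "esu_installer_placeholder.exe /repair", "ParentImage": "C:\\Program Files\\Example\\ESU_SERVICE_PLACEHOLDER.exe"}
{"EventID": 1, "UtcTime": "2025-01-01 10:05:00.000", "User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami", "ParentImage": "C:\\Program Files\\Example\\ESU_SERVICE_PLACEHOLDER.exe"}
{"EventID": 1, "UtcTime": "2025-01-01 10:06:00.000", "User": "OFFICE\\reception", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 18, "UtcTime": "2025-01-01 10:07:00.000", "Image": "C:\\Windows\\explorer.exe", "PipeName": "\\placeholder_pipe"}
"""


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def suspicious_children(lines):
    """Return (time, child image, command line) for each SYSTEM process the
    updater service started that is not an expected child."""
    hits = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 1:
            continue  # only process-creation events
        if basename(ev.get("ParentImage", "")) != SERVICE_IMAGE.lower():
            continue
        if ev.get("User", "").upper() != "NT AUTHORITY\\SYSTEM":
            continue
        child = basename(ev.get("Image", ""))
        if child not in EXPECTED_CHILDREN:
            hits.append((ev["UtcTime"], child, ev.get("CommandLine", "")))
    return hits


if __name__ == "__main__":
    for hit in suspicious_children(EVENTS):
        print("ALERT", hit)
```

Replace the placeholders with the executable names observed on a patched reference installation before using the rule.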
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Switzerland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: SEC-VLab
- Date Reserved: 2024-10-25T07:26:12.628Z
- Cvss Version: 3.1
- State: PUBLISHED
 
Threat ID: 69092eea35043901e82cab2c
Added to database: 11/3/2025, 10:38:34 PM
Last enriched: 11/3/2025, 11:28:28 PM
Last updated: 11/4/2025, 2:01:01 AM