Basic-Detection for DICOM Services

Related to the recent Confidential patient data accessible on the internet / Ungeschützte Patientendaten im Internet articles it is possible to do a basic/general detection for such exposed DICOM services with the Greenbone Community Feed (GCF).

Please include at least the ports 104/tcp, 2761/tcp, 2762/tcp and 11112/tcp in your port list. After running a scan you can use a filter like e.g.:

~"A Digital Imaging and Communications in Medicine (DICOM) service seems
to be running on this port" or location=104/tcp or location=2761/tcp or
location=2762/tcp or location=11112/tcp

to get a rough overview over possible exposed / affected systems.

More advanced detection methods are available in the Greenbone Security Feed (GSF). Any customer with a valid GSF subscription can apply all of the DICOM tests with the Greenbone Security Manager. Please contact the Greenbone Customer Support if you have questions.