ICSA-22-154-01 · Published 2022-06-03
Vulnerabilities Affecting Dominion Voting Systems ImageCast X
CVSS 7.6 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.
CVEs (9)
Remediations
CISA recommends election officials continue to take and further enhance defensive measures to reduce the risk of exploitation of these vulnerabilities. Specifically, for each election, election officials should:
- Contact Dominion Voting Systems to determine which software and/or firmware updates need to be applied. Dominion Voting Systems reports to CISA that the above vulnerabilities have been addressed in subsequent software versions.
- Ensure all affected devices are physically protected before, during, and after voting.
- Ensure compliance with chain of custody procedures throughout the election cycle.
- Ensure that ImageCast X and the Election Management System (EMS) are not connected to any external (i.e., Internet accessible) networks.
- Ensure carefully selected protective and detective physical security measures (for example, locks and tamper-evident seals) are implemented on all affected devices, including on connected devices such as printers and connecting cables.
- Close any background application windows on each ImageCast X device.
- Use read-only media to update software or install files onto ImageCast X devices.
- Use separate, unique passcodes for each poll worker card.
- Ensure all ImageCast X devices are subjected to rigorous pre- and post-election testing.
- Disable the "Unify Tabulator Security Keys" feature on the election management system and ensure new cryptographic keys are used for each election.
- As recommended by Dominion Voting Systems, use the supplemental method to validate hashes on applications, audit log exports, and application exports.
- Encourage voters to verify the human-readable votes on printout.
- Conduct rigorous post-election tabulation audits of the human-readable portions of physical ballots and paper records, to include reviewing ballot chain of custody and conducting voter/ballot reconciliation procedures. These activities are especially crucial to detect attacks where the listed vulnerabilities are exploited such that a barcode is manipulated to be tabulated inconsistently with the human-readable portion of the paper ballot. (NOTE: If states and jurisdictions so choose, the ImageCast X provides the configuration option to produce ballots that do not print barcodes for tabulation.)
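The ballot-level comparison and voter/ballot reconciliation named in the last remediation, as an added example (not part of the CISA advisory and not Dominion tooling). The record layout, ballot IDs, contest and candidate names are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample (not from the advisory). Each record pairs the choice the
# scanner tabulated from the barcode with the choice an auditor read from the
# human-readable text on the same paper ballot. Field names are assumptions.
AUDIT_SAMPLE = [
    {"ballot_id": "B-0001", "contest": "Mayor", "tabulated": "Alice", "human_read": "Alice"},
    {"ballot_id": "B-0002", "contest": "Mayor", "tabulated": "Bob", "human_read": "Bob"},
    {"ballot_id": "B-0003", "contest": "Mayor", "tabulated": "Alice", "human_read": "Bob"},
    {"ballot_id": "B-0004", "contest": "Mayor", "tabulated": "Alice", "human_read": "Alice"},
    {"ballot_id": "B-0005", "contest": "Mayor", "tabulated": "Bob", "human_read": "Bob"},
]


def compare_ballots(sample):
    """Compare tabulated and human-readable choices ballot by ballot.

    Returns (mismatched_ballot_ids, net_delta), where net_delta[contest][choice]
    is the tabulated count minus the human-readable count (zero entries omitted).
    """
    mismatched = []
    delta = defaultdict(Counter)
    for rec in sample:
        if rec["tabulated"] != rec["human_read"]:
            mismatched.append(rec["ballot_id"])
            delta[rec["contest"]][rec["tabulated"]] += 1
            delta[rec["contest"]][rec["human_read"]] -= 1
    net = {c: {k: v for k, v in cnt.items() if v} for c, cnt in delta.items()}
    return mismatched, {c: d for c, d in net.items() if d}


def reconcile(voters_checked_in, ballots_cast):
    """Voter/ballot reconciliation: a non-zero result needs an explanation."""
    return voters_checked_in - ballots_cast


if __name__ == "__main__":
    ids, net = compare_ballots(AUDIT_SAMPLE)
    print("ballots to escalate:", ids)
    print("net tabulated-minus-paper delta:", net)
    print("checked-in voters minus ballots cast:", reconcile(5, 5))
```

A non-empty mismatch list matters even when the net delta is empty, because offsetting discrepancies cancel in the totals but still show up ballot by ballot.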
Affected Vendors
Dominion Voting Systems
Affected Products (2)
- Dominion Voting Systems · ImageCast X firmware, as used in Dominion Democracy Suite Voting System Version 5.5-A (based on Android 5.1)
- Dominion Voting Systems · ImageCast X application, as used in Dominion Democracy Suite Voting System Version 5.5-A (5.5.10.30 | 5.5.10.32)
Affected Sectors
Government Facilities / Election Infrastructure