CISA Warns of Essential Flaws in Illumina’s DNA Sequencing Devices

Apr 29, 2023Ravie LakshmananHealthcare / Cybersecurity

DNA Sequencing Instruments

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has launched an Industrial Management Programs (ICS) medical advisory warning of a important flaw impacting Illumina medical units.

The problems impression the Common Copy Service (UCS) software program within the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA sequencing devices.

Essentially the most extreme of the issues, CVE-2023-1968 (CVSS rating: 10.0), permits distant attackers to bind to uncovered IP addresses, thereby making it potential to snoop on community site visitors and remotely transmit arbitrary instructions.

The second concern pertains to a case of privilege misconfiguration (CVE-2023-1966, CVSS rating: 7.4) that would allow a distant unauthenticated malicious actor to add and execute code with elevated permissions.

“Profitable exploitation of those vulnerabilities may enable an attacker to take any motion on the working system degree,” CISA said. “A risk actor may impression settings, configurations, software program, or knowledge on the affected product; a risk actor may work together by the affected product through a related community.”

The Meals and Drug Administration (FDA) said an unauthorized person may weaponize the shortcoming to impression “genomic knowledge ends in the devices meant for scientific analysis, together with inflicting the devices to supply no outcomes, incorrect outcomes, altered outcomes, or a possible knowledge breach.”

There isn’t a proof that the 2 vulnerabilities have been exploited within the wild. Customers are advisable to apply the fixes launched on April 5, 2023, to mitigate potential threats.


Study to Cease Ransomware with Actual-Time Safety

Be part of our webinar and learn to cease ransomware assaults of their tracks with real-time MFA and repair account safety.

Save My Seat!

This isn’t the primary time extreme flaws have come to mild in Illumina’s DNA Sequencing Units. In June 2022, the corporate disclosed a number of related vulnerabilities that would have been abused to grab management of affected techniques.

The disclosure comes nearly a month after the FDA issued new steerage that can require medical gadget makers to stick to a set of cybersecurity necessities when submitting an software for a brand new product.

This features a plan to watch, determine, and deal with “postmarket” cybersecurity vulnerabilities and exploits inside an affordable time interval, and design and keep processes to make sure the safety of such units through common and out-of-band patches.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.