The Cyber Security News

CISA Warned About Critical Vulnerabilities in Illumina’s DNA Sequencing Devices

June 6, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina’s next-generation sequencing (NGS) software.

Three of the flaws are rated 10 out of 10 for severity on the Common Vulnerability Scoring System (CVSS), with two others having severity scores of 9.1 and 7.4.

The issues affect software in medical devices used for “clinical diagnostic use in sequencing a person’s DNA or testing for various genetic conditions, or for research use only,” according to the FDA.

“Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level,” CISA said in an alert.

“An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.”

Affected devices and instruments include NextSeq 550Dx, MiSeq Dx, NextSeq 500, NextSeq 550, MiSeq, iSeq 100, and MiniSeq using Local Run Manager (LRM) software versions 1.3 to 3.1.

The list of flaws is as follows:

  • CVE-2022-1517 (CVSS score: 10.0) – A remote code execution vulnerability at the operating system level that could allow an attacker to tamper with settings and access sensitive data or APIs.
  • CVE-2022-1518 (CVSS score: 10.0) – A directory traversal vulnerability that could allow an attacker to upload malicious files to arbitrary locations.
  • CVE-2022-1519 (CVSS score: 10.0) – An issue with the unrestricted upload of any file type, allowing an attacker to achieve arbitrary code execution.
  • CVE-2022-1521 (CVSS score: 9.1) – A lack of authentication in LRM by default, enabling an attacker to inject, modify, or access sensitive data.
  • CVE-2022-1524 (CVSS score: 7.4) – A lack of TLS encryption for LRM versions 2.4 and lower that could be abused by an attacker to stage a man-in-the-middle (MitM) attack and access credentials.

In addition to allowing remote control over the devices, the flaws could be weaponized to compromise patients’ clinical tests, resulting in incorrect or altered results during diagnosis.

While there is no evidence that the flaws are being exploited in the wild, it is recommended that customers apply the software patch released by Illumina last month to mitigate any potential risk.

Some parts of this article are sourced from:
thehackernews.com
