Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Illumina
  • Miniseq Firmware
  • Nextseq 2000 Firmware
  • Iscan Firmware
  • Novaseq 6000 Firmware
  • Iseq 100
  • Novaseq 6000
  • Nextseq 550dx
  • Nextseq 1000 Firmware
  • Nextseq 1000
  • Iseq 100 Firmware
  • Miniseq
  • Nextseq 2000
  • Nextseq 500
  • Miseq
  • Iscan
  • Miseqdx Firmware
  • Nextseq 550 Firmware
  • Miseq Firmware
  • Nextseq 550dx Firmware
  • Miseqdx
  • Nextseq 550
  • Nextseq 500 Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:illumina:iscan_firmware:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:illumina:iscan_firmware:4.0.5:*:*:*:*:*:*:*
cpe:2.3:h:illumina:iscan:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:illumina:iseq_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:illumina:miniseq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:illumina:miseq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:illumina:miseqdx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:miseqdx_firmware:4.0:*:*:*:ruo:*:*:*
cpe:2.3:h:illumina:miseqdx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:illumina:nextseq_500_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:illumina:nextseq_550_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:nextseq_550dx_firmware:4.0:*:*:*:ruo:*:*:*
cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:illumina:nextseq_1000_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_1000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:illumina:nextseq_2000_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_2000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:illumina:novaseq_6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:illumina:novaseq_6000_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:illumina:novaseq_6000:-:*:*:*:*:*:*:*
References
Link Resource
https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html Vendor Advisory
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2023-04-28T18:09:17.372Z

Updated: 2023-04-28T18:09:17.372Z

Reserved: 2023-04-10T14:51:29.181Z

Link: CVE-2023-1968

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-04-28T19:15:16.647

Modified: 2023-05-09T20:06:54.500

Link: CVE-2023-1968

JSON object: View

cve-icon Redhat Information

No data.

CWE