Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Illumina
  • Iscan
  • Iscan Firmware
  • Iseq 100
  • Iseq 100 Firmware
  • Miniseq
  • Miniseq Firmware
  • Miseq
  • Miseq Firmware
  • Miseqdx
  • Miseqdx Firmware
  • Nextseq 1000
  • Nextseq 1000 Firmware
  • Nextseq 2000
  • Nextseq 2000 Firmware
  • Nextseq 500
  • Nextseq 500 Firmware
  • Nextseq 550
  • Nextseq 550 Firmware
  • Nextseq 550dx
  • Nextseq 550dx Firmware
  • Novaseq 6000
  • Novaseq 6000 Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:illumina:iscan_firmware:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:illumina:iscan_firmware:4.0.5:*:*:*:*:*:*:*
cpe:2.3:h:illumina:iscan:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:illumina:iseq_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:illumina:miniseq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:illumina:miseq_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:illumina:miseqdx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:miseqdx_firmware:4.0:*:*:*:ruo:*:*:*
cpe:2.3:h:illumina:miseqdx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:illumina:nextseq_500_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:illumina:nextseq_550_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:nextseq_550dx_firmware:*:*:*:*:-:*:*:*
cpe:2.3:o:illumina:nextseq_550dx_firmware:4.0:*:*:*:ruo:*:*:*
cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:illumina:nextseq_1000_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_1000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:illumina:nextseq_2000_firmware:1.4.1:*:*:*:*:*:*:*
cpe:2.3:h:illumina:nextseq_2000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:illumina:novaseq_6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:illumina:novaseq_6000_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:illumina:novaseq_6000:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html cve-icon cve-icon
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-04-28T18:09:17.372Z

Updated: 2024-08-02T06:05:27.076Z

Reserved: 2023-04-10T14:51:29.181Z

Link: CVE-2023-1968

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-28T19:15:16.647

Modified: 2024-11-21T07:40:14.970

Link: CVE-2023-1968

cve-icon Redhat

No data.