Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.
Weakness
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Iscan_firmware | Illumina | 4.0.0 (including) | 4.0.0 (including) |
| Iscan_firmware | Illumina | 4.0.5 (including) | 4.0.5 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/104.html
- https://cwe.mitre.org/data/definitions/470.html
- https://cwe.mitre.org/data/definitions/69.html
References
- https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01
- https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01