Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for local_run_manager by illumina

    CVE-2022-1524 (GCVE-0-2022-1524)

    Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 17:52
    VLAI
    Title
    3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
    Summary
    LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:28:35.654447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:52:17.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:16.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1524",
              "STATE": "PUBLIC",
              "TITLE": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1524",
        "datePublished": "2022-06-24T15:00:16.330Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:52:17.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1521 (GCVE-0-2022-1521)

    Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
    VLAI
    Title
    3.2.4 IMPROPER ACCESS CONTROL CWE-284
    Summary
    LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.014Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:21.716090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:16:46.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrumen",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "cwe-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.4    IMPROPER ACCESS CONTROL CWE-284",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1521",
              "STATE": "PUBLIC",
              "TITLE": "3.2.4    IMPROPER ACCESS CONTROL CWE-284"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrumen",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cwe-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1521",
        "datePublished": "2022-06-24T15:00:15.565Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:16:46.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1519 (GCVE-0-2022-1519)

    Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
    VLAI
    Summary
    LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:29.024230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:17:02.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:13.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1519",
              "STATE": "PUBLIC",
              "TITLE": ""
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1519",
        "datePublished": "2022-06-24T15:00:13.721Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:17:02.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1518 (GCVE-0-2022-1518)

    Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
    VLAI
    Title
    3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
    Summary
    LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:02.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:25.332039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:16:54.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:14.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1518",
              "STATE": "PUBLIC",
              "TITLE": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1518",
        "datePublished": "2022-06-24T15:00:14.741Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:16:54.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1517 (GCVE-0-2022-1517)

    Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
    VLAI
    Title
    3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
    Summary
    LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:02.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:32.128012Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:17:11.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "cwe-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:12.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1517",
              "STATE": "PUBLIC",
              "TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cwe-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1517",
        "datePublished": "2022-06-24T15:00:12.934Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:17:11.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1524 (GCVE-0-2022-1524)

    Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 17:52
    VLAI
    Title
    3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
    Summary
    LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:28:35.654447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:52:17.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:16.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1524",
              "STATE": "PUBLIC",
              "TITLE": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1524",
        "datePublished": "2022-06-24T15:00:16.330Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:52:17.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1521 (GCVE-0-2022-1521)

    Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
    VLAI
    Title
    3.2.4 IMPROPER ACCESS CONTROL CWE-284
    Summary
    LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.014Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:21.716090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:16:46.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrumen",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "cwe-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.4    IMPROPER ACCESS CONTROL CWE-284",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1521",
              "STATE": "PUBLIC",
              "TITLE": "3.2.4    IMPROPER ACCESS CONTROL CWE-284"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrumen",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cwe-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1521",
        "datePublished": "2022-06-24T15:00:15.565Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:16:46.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1518 (GCVE-0-2022-1518)

    Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
    VLAI
    Title
    3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
    Summary
    LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:02.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:25.332039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:16:54.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:14.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1518",
              "STATE": "PUBLIC",
              "TITLE": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1518",
        "datePublished": "2022-06-24T15:00:14.741Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:16:54.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1519 (GCVE-0-2022-1519)

    Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
    VLAI
    Summary
    LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:29.024230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:17:02.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:13.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1519",
              "STATE": "PUBLIC",
              "TITLE": ""
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1519",
        "datePublished": "2022-06-24T15:00:13.721Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:17:02.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1517 (GCVE-0-2022-1517)

    Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
    VLAI
    Title
    3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
    Summary
    LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2022-06-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:02.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:32.128012Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:17:11.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NextSeq 550Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Dx",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 500 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "NextSeq 550 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "iSeq 100 Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            },
            {
              "product": "MiniSeq Instrument",
              "vendor": "Illumina",
              "versions": [
                {
                  "status": "affected",
                  "version": "LRM Versions 1.3 to 3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-06-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "cwe-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-24T15:00:12.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "20220602T06:00:00.000000Z",
              "ID": "CVE-2022-1517",
              "STATE": "PUBLIC",
              "TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Dx",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 500 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NextSeq 550 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iSeq 100 Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MiniSeq Instrument",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "=",
                                "version_name": "",
                                "version_value": "LRM Versions 1.3 to 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Illumina"
                  }
                ]
              }
            },
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cwe-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "UNKNOWN"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-1517",
        "datePublished": "2022-06-24T15:00:12.934Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:17:11.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }