CVE-2022-1519 (GCVE-0-2022-1519)
Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
VLAI
EPSS
Summary
Local Run Manager (LRM) does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
Severity
10 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version |
|---|---|---|
| Illumina | NextSeq 550Dx | Affected: LRM Versions 1.3 to 3.1 |
| Illumina | MiSeq Dx | Affected: LRM Versions 1.3 to 3.1 |
| Illumina | NextSeq 500 Instrument | Affected: LRM Versions 1.3 to 3.1 |
| Illumina | NextSeq 550 Instrument | Affected: LRM Versions 1.3 to 3.1 |
| Illumina | MiSeq Instrument | Affected: LRM Versions 1.3 to 3.1 |
| Illumina | iSeq 100 Instrument | Affected: LRM Versions 1.3 to 3.1 |
| Illumina | MiniSeq Instrument | Affected: LRM Versions 1.3 to 3.1 |
Date Public
2022-06-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:29.024230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:02.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:13.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1519",
"STATE": "PUBLIC",
"TITLE": ""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1519",
"datePublished": "2022-06-24T15:00:13.721Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:02.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-1519",
"date": "2026-05-25",
"epss": "0.00286",
"percentile": "0.52058"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1519\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-06-24T15:15:09.333\",\"lastModified\":\"2024-11-21T06:40:53.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.\"},{\"lang\":\"es\",\"value\":\"LRM no restringe los tipos de archivos que pueden cargarse en el producto afectado. Un actor malicioso puede cargar cualquier tipo de archivo, incluyendo c\u00f3digo ejecutable que permite una explotaci\u00f3n de c\u00f3digo remoto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\
"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3\",\"versionEndIncluding\":\"3.1\",\"matchCriteriaId\":\"C6A76287-2C7D-4EDD-B551-3E162819A08B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0136ED72-BF05-404D-910A-DA5B73F69771\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DA69772-E795-4A64-A6A1-0BDD503D263B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7731600-AE91-4D74-A219-BAE147B29A7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF742B4D-0FC5-443A-8040-7B0A1B298707\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tag
s\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:10:03.403Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1519\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:54:29.024230Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:54:30.477Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Illumina\", \"product\": \"NextSeq 550Dx\", \"versions\": [{\"status\": \"affected\", \"version\": \"LRM Versions 1.3 to 3.1\"}]}, {\"vendor\": \"Illumina\", \"product\": \"MiSeq Dx\", \"versions\": [{\"status\": \"affected\", \"version\": \"LRM Versions 1.3 to 3.1\"}]}, {\"vendor\": \"Illumina\", \"product\": \"NextSeq 500 Instrument\", \"versions\": [{\"status\": \"affected\", \"version\": \"LRM Versions 1.3 to 3.1\"}]}, {\"vendor\": \"Illumina\", \"product\": \"NextSeq 550 Instrument\", \"versions\": [{\"status\": \"affected\", \"version\": \"LRM Versions 1.3 to 3.1\"}]}, {\"vendor\": \"Illumina\", \"product\": \"MiSeq 
Instrument\", \"versions\": [{\"status\": \"affected\", \"version\": \"LRM Versions 1.3 to 3.1\"}]}, {\"vendor\": \"Illumina\", \"product\": \"iSeq 100 Instrument\", \"versions\": [{\"status\": \"affected\", \"version\": \"LRM Versions 1.3 to 3.1\"}]}, {\"vendor\": \"Illumina\", \"product\": \"MiniSeq Instrument\", \"versions\": [{\"status\": \"affected\", \"version\": \"LRM Versions 1.3 to 3.1\"}]}], \"datePublic\": \"2022-06-02T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-06-24T15:00:13.000Z\"}, \"x_legacyV4Record\": {\"credit\": [], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"defect\": [], \"advisory\": \"\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"LRM Versions 1.3 to 3.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"NextSeq 550Dx\"}]}, \"vendor_name\": 
\"Illumina\"}, {\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"LRM Versions 1.3 to 3.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"MiSeq Dx\"}]}, \"vendor_name\": \"Illumina\"}, {\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"LRM Versions 1.3 to 3.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"NextSeq 500 Instrument\"}]}, \"vendor_name\": \"Illumina\"}, {\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"LRM Versions 1.3 to 3.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"NextSeq 550 Instrument\"}]}, \"vendor_name\": \"Illumina\"}, {\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"LRM Versions 1.3 to 3.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"MiSeq Instrument\"}]}, \"vendor_name\": \"Illumina\"}, {\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"LRM Versions 1.3 to 3.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"iSeq 100 Instrument\"}]}, \"vendor_name\": \"Illumina\"}, {\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"\", \"version_name\": \"\", \"version_value\": \"LRM Versions 1.3 to 3.1\", \"version_affected\": \"=\"}]}, \"product_name\": \"MiniSeq Instrument\"}]}, \"vendor_name\": \"Illumina\"}]}}, \"solution\": [], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"LRM does 
not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}]}, \"work_around\": [], \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-1519\", \"AKA\": \"\", \"STATE\": \"PUBLIC\", \"TITLE\": \"\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\", \"DATE_PUBLIC\": \"20220602T06:00:00.000000Z\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-1519\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T16:17:02.637Z\", \"dateReserved\": \"2022-04-28T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-06-24T15:00:13.721Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
BDU:2022-04723
Vulnerability from fstec - Published: 24.06.2022
VLAI
Title
Уязвимость программного средства Illumina Local Run Manager, связанная с отсутствием ограничений на загрузку файлов, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость программного средства Illumina Local Run Manager связана с отсутствием ограничений на загрузку файлов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код
Severity
Vendor
Illumina, Inc.
Software Name
Local Run Manager, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq 500, NextSeq 550, NextSeq 550Dx
Software Version
от 1.3 до 3.1 (Local Run Manager), - (iSeq), - (MiniSeq), - (MiSeq), - (MiSeqDx), - (NextSeq 500), - (NextSeq 550), - (NextSeq 550Dx)
Possible Mitigations
Обновление программного средства Illumina Local Run Manager до более новой версии.
Reference
https://www.us-cert.gov/ics/advisories/icsa-22-153-02
https://nvd.nist.gov/vuln/detail/CVE-2022-1519
CWE
CWE-434
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Illumina, Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 1.3 \u0434\u043e 3.1 (Local Run Manager), - (iSeq), - (MiniSeq), - (MiSeq), - (MiSeqDx), - (NextSeq 500), - (NextSeq 550), - (NextSeq 550Dx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 Illumina Local Run Manager \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.06.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.08.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.08.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04723",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1519",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Local Run Manager, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq 500, NextSeq 550, NextSeq 550Dx",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 Illumina Local Run Manager, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u043d\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0444\u0430\u0439\u043b\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0444\u0430\u0439\u043b\u043e\u0432 \u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u0442\u0438\u043f\u0430 (CWE-434)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 Illumina Local Run Manager \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u043d\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0444\u0430\u0439\u043b\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.us-cert.gov/ics/advisories/icsa-22-153-02\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1519",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-434",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
CNVD-2022-64996
Vulnerability from cnvd - Published: 2022-09-22
VLAI
Title
Illumina Local Run Manager文件上传漏洞
Description
Illumina Local Run Manager是美国Illumina公司的一种集成解决方案。旨在创建测序运行、监控运行状态、分析测序数据和查看结果。
Illumina Local Run Manager存在文件上传漏洞,攻击者可利用该漏洞上传任何文件类型,包括允许远程代码利用的可执行代码。
Severity
高
Patch Name
Illumina Local Run Manager文件上传漏洞的补丁
Patch Description
Illumina Local Run Manager是美国Illumina公司的一种集成解决方案。旨在创建测序运行、监控运行状态、分析测序数据和查看结果。
Illumina Local Run Manager存在文件上传漏洞,攻击者可利用该漏洞上传任何文件类型,包括允许远程代码利用的可执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://support.illumina.com/downloads/illumina-local-run-manager-1.0.html
Reference
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02
Impacted products
| Name | Illumina Local Run Manager (LRM) >=1.3,<=3.1 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-1519"
}
},
"description": "Illumina Local Run Manager\u662f\u7f8e\u56fdIllumina\u516c\u53f8\u7684\u4e00\u79cd\u96c6\u6210\u89e3\u51b3\u65b9\u6848\u3002\u65e8\u5728\u521b\u5efa\u6d4b\u5e8f\u8fd0\u884c\u3001\u76d1\u63a7\u8fd0\u884c\u72b6\u6001\u3001\u5206\u6790\u6d4b\u5e8f\u6570\u636e\u548c\u67e5\u770b\u7ed3\u679c\u3002\n\nIllumina Local Run Manager\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u4efb\u4f55\u6587\u4ef6\u7c7b\u578b\uff0c\u5305\u62ec\u5141\u8bb8\u8fdc\u7a0b\u4ee3\u7801\u5229\u7528\u7684\u53ef\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.illumina.com/downloads/illumina-local-run-manager-1.0.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-64996",
"openTime": "2022-09-22",
"patchDescription": "Illumina Local Run Manager\u662f\u7f8e\u56fdIllumina\u516c\u53f8\u7684\u4e00\u79cd\u96c6\u6210\u89e3\u51b3\u65b9\u6848\u3002\u65e8\u5728\u521b\u5efa\u6d4b\u5e8f\u8fd0\u884c\u3001\u76d1\u63a7\u8fd0\u884c\u72b6\u6001\u3001\u5206\u6790\u6d4b\u5e8f\u6570\u636e\u548c\u67e5\u770b\u7ed3\u679c\u3002\r\n\r\nIllumina Local Run Manager\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u4efb\u4f55\u6587\u4ef6\u7c7b\u578b\uff0c\u5305\u62ec\u5141\u8bb8\u8fdc\u7a0b\u4ee3\u7801\u5229\u7528\u7684\u53ef\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Illumina Local Run Manager\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Illumina Local Run Manager (LRM) \u003e=1.3\uff0c\u003c=3.1"
},
"referenceLink": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"serverity": "\u9ad8",
"submitTime": "2022-06-05",
"title": "Illumina Local Run Manager\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}
FKIE_CVE-2022-1519
Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2024-11-21 06:40
Severity
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Local Run Manager (LRM) does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
References
| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| illumina | local_run_manager | * | |
| illumina | iseq_100 | - | |
| illumina | miniseq | - | |
| illumina | miseq | - | |
| illumina | miseq_dx | - | |
| illumina | nextseq_500 | - | |
| illumina | nextseq_550 | - | |
| illumina | nextseq_550dx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
"versionEndIncluding": "3.1",
"versionStartIncluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
},
{
"lang": "es",
"value": "LRM no restringe los tipos de archivos que pueden cargarse en el producto afectado. Un actor malicioso puede cargar cualquier tipo de archivo, incluyendo c\u00f3digo ejecutable que permite una explotaci\u00f3n de c\u00f3digo remoto"
}
],
"id": "CVE-2022-1519",
"lastModified": "2024-11-21T06:40:53.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:09.333",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
GHSA-4PG3-X42Q-599H
Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2022-07-02 00:00
Details
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-1519"
],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T15:15:00Z",
"severity": "CRITICAL"
},
"details": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.",
"id": "GHSA-4pg3-x42q-599h",
"modified": "2022-07-02T00:00:21Z",
"published": "2022-06-25T00:00:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1519"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-1519
Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
Aliases
{
"GSD": {
"alias": "CVE-2022-1519",
"description": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.",
"id": "GSD-2022-1519"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1519"
],
"details": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.",
"id": "GSD-2022-1519",
"modified": "2023-12-13T01:19:28.204622Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1519",
"STATE": "PUBLIC",
"TITLE": ""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1",
"versionStartIncluding": "1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1519"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-07-01T17:27Z",
"publishedDate": "2022-06-24T15:15Z"
}
}
}
ICSA-22-153-02
Vulnerability from csaf_cisa - Published: 2022-06-02 00:00 - Updated: 2022-08-23 00:00
Summary
Illumina Local Run Manager
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.
Critical infrastructure sectors: Healthcare and Public Health
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/ics in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
10.0 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iSeq 100 Instrument LRM: Versions 1.3 to 3.1
Illumina / iSeq 100 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiniSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiniSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Dx LRM: Versions 1.3 to 3.1
Illumina / MiSeq Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 500 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 500 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550Dx LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
10.0 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iSeq 100 Instrument LRM: Versions 1.3 to 3.1
Illumina / iSeq 100 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiniSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiniSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Dx LRM: Versions 1.3 to 3.1
Illumina / MiSeq Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 500 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 500 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550Dx LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
10.0 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iSeq 100 Instrument LRM: Versions 1.3 to 3.1
Illumina / iSeq 100 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiniSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiniSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Dx LRM: Versions 1.3 to 3.1
Illumina / MiSeq Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 500 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 500 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550Dx LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
9.1 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iSeq 100 Instrument LRM: Versions 1.3 to 3.1
Illumina / iSeq 100 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiniSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiniSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Dx LRM: Versions 1.3 to 3.1
Illumina / MiSeq Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 500 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 500 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550Dx LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
iSeq 100 Instrument LRM: Versions 1.3 to 3.1
Illumina / iSeq 100 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiniSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiniSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Dx LRM: Versions 1.3 to 3.1
Illumina / MiSeq Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
MiSeq Instrument LRM: Versions 1.3 to 3.1
Illumina / MiSeq Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 500 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 500 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550 Instrument LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550 Instrument LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
NextSeq 550Dx LRM: Versions 1.3 to 3.1
Illumina / NextSeq 550Dx LRM
|
>= 1.3 | <= 3.1 |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
References
13 references
Acknowledgments
Pentest, Ltd
Illumina
{
"document": {
"acknowledgments": [
{
"organization": "Pentest, Ltd",
"summary": "reporting these vulnerabilities to Illumina"
},
{
"organization": "Illumina",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/ics in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-153-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-153-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-153-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-153-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Illumina Local Run Manager",
"tracking": {
"current_release_date": "2022-08-23T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-153-02",
"initial_release_date": "2022-06-02T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-06-02T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-153-02 Illumina Local Run Manager"
},
{
"date": "2022-06-22T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "Illumina Local Run Manager (Update A)"
},
{
"date": "2022-08-23T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "Illumina Local Run Manager (Update B)"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.3 | \u003c= 3.1",
"product": {
"name": "iSeq 100 Instrument LRM: Versions 1.3 to 3.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "iSeq 100 Instrument LRM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.3 | \u003c= 3.1",
"product": {
"name": "MiniSeq Instrument LRM: Versions 1.3 to 3.1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "MiniSeq Instrument LRM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.3 | \u003c= 3.1",
"product": {
"name": "MiSeq Dx LRM: Versions 1.3 to 3.1",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "MiSeq Dx LRM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.3 | \u003c= 3.1",
"product": {
"name": "MiSeq Instrument LRM: Versions 1.3 to 3.1",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "MiSeq Instrument LRM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.3 | \u003c= 3.1",
"product": {
"name": "NextSeq 500 Instrument LRM: Versions 1.3 to 3.1",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "NextSeq 500 Instrument LRM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.3 | \u003c= 3.1",
"product": {
"name": "NextSeq 550 Instrument LRM: Versions 1.3 to 3.1",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "NextSeq 550 Instrument LRM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 1.3 | \u003c= 3.1",
"product": {
"name": "NextSeq 550Dx LRM: Versions 1.3 to 3.1",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "NextSeq 550Dx LRM"
}
],
"category": "vendor",
"name": "Illumina"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1517",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. CVE-2022-1517 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1517"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Illumina has developed a software patch to protect against the remote exploitation of these vulnerabilities and is actively working to provide a permanent software fix for current and future instruments.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For instruments connected to the Internet, the software patch is available for download.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.illumina.com/downloads/illumina-local-run-manager-1.0.html"
},
{
"category": "mitigation",
"details": "Illumina has released the following hashes for the Local Run Manager in its latest software patch: Filename: LocalRunManagerSecurityPatch.msi",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-512: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-256: 595b724f1c5b4bac446001400b38b748b4ef05520b5489ea4711a2a4289e721a",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-1: 25e523031b3bd818d4bba1017c534c735f650e23",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "MD5: 4552a1130947b95ac18be4335c1447f5",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For affected products not connected to the Internet, Illumina has developed other options for the installation of the software patch. Please contact Illumina Tech Support at techsupport@illumina.com to obtain information about these options.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "mailto:techsupport@illumina.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2022-1518",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.CVE-2022-1518 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1518"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Illumina has developed a software patch to protect against the remote exploitation of these vulnerabilities and is actively working to provide a permanent software fix for current and future instruments.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For instruments connected to the Internet, the software patch is available for download.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.illumina.com/downloads/illumina-local-run-manager-1.0.html"
},
{
"category": "mitigation",
"details": "Illumnia has released the following hashes for the Local Run Manager in its latest software patch: Filename: LocalRunManagerSecurityPatch.msi",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-512: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-256: 595b724f1c5b4bac446001400b38b748b4ef05520b5489ea4711a2a4289e721a",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-1: 25e523031b3bd818d4bba1017c534c735f650e23",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "MD5: 4552a1130947b95ac18be4335c1447f5",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For affected products not connected to the Internet, Illumina has developed other options for the installation of the software patch. Please contact Illumina Tech Support at techsupport@illumina.com to obtain information about these options.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "mailto:techsupport@illumina.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2022-1519",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "summary",
"text": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit..CVE-2022-1519 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1519"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Illumina has developed a software patch to protect against the remote exploitation of these vulnerabilities and is actively working to provide a permanent software fix for current and future instruments.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For instruments connected to the Internet, the software patch is available for download.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.illumina.com/downloads/illumina-local-run-manager-1.0.html"
},
{
"category": "mitigation",
"details": "Illumnia has released the following hashes for the Local Run Manager in its latest software patch: Filename: LocalRunManagerSecurityPatch.msi",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-512: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-256: 595b724f1c5b4bac446001400b38b748b4ef05520b5489ea4711a2a4289e721a",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-1: 25e523031b3bd818d4bba1017c534c735f650e23",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "MD5: 4552a1130947b95ac18be4335c1447f5",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For affected products not connected to the Internet, Illumina has developed other options for the installation of the software patch. Please contact Illumina Tech Support at techsupport@illumina.com to obtain information about these options.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "mailto:techsupport@illumina.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2022-1521",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.CVE-2022-1521 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1521"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Illumina has developed a software patch to protect against the remote exploitation of these vulnerabilities and is actively working to provide a permanent software fix for current and future instruments.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For instruments connected to the Internet, the software patch is available for download.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.illumina.com/downloads/illumina-local-run-manager-1.0.html"
},
{
"category": "mitigation",
"details": "Illumnia has released the following hashes for the Local Run Manager in its latest software patch: Filename: LocalRunManagerSecurityPatch.msi",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-512: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-256: 595b724f1c5b4bac446001400b38b748b4ef05520b5489ea4711a2a4289e721a",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-1: 25e523031b3bd818d4bba1017c534c735f650e23",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "MD5: 4552a1130947b95ac18be4335c1447f5",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For affected products not connected to the Internet, Illumina has developed other options for the installation of the software patch. Please contact Illumina Tech Support at techsupport@illumina.com to obtain information about these options.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "mailto:techsupport@illumina.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2022-1524",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials..CVE-2022-1524 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1524"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Illumina has developed a software patch to protect against the remote exploitation of these vulnerabilities and is actively working to provide a permanent software fix for current and future instruments.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For instruments connected to the Internet, the software patch is available for download.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "https://support.illumina.com/downloads/illumina-local-run-manager-1.0.html"
},
{
"category": "mitigation",
"details": "Illumnia has released the following hashes for the Local Run Manager in its latest software patch: Filename: LocalRunManagerSecurityPatch.msi",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-512: 52b5cfdc462b10011027e94f184c2f0da25b0b1363fddb7fa5793938d11f976259a7f73e77c2fd157f560439ec3df70446aa561b586dc8ef94db2ed95fcce841",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-256: 595b724f1c5b4bac446001400b38b748b4ef05520b5489ea4711a2a4289e721a",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "SHA-1: 25e523031b3bd818d4bba1017c534c735f650e23",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "MD5: 4552a1130947b95ac18be4335c1447f5",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For affected products not connected to the Internet, Illumina has developed other options for the installation of the software patch. Please contact Illumina Tech Support at techsupport@illumina.com to obtain information about these options.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
],
"url": "mailto:techsupport@illumina.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007"
]
}
]
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.