April 29, 2023Rabbi LakshmananHealthcare / Cybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Medical Advisory Alert regarding a critical flaw affecting Illumina medical devices.

This issue affects the Universal Copy Service (UCS) software on the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA sequencers.

The most severe vulnerability, CVE-2023-1968 (CVSS score: 10.0), allows remote attackers to bind to public IP addresses, eavesdrop on network traffic, and remotely execute arbitrary commands. Allows you to send with

The second issue is related to a case of permission misconfiguration (CVE-2023-1966, CVSS score: 7.4), where an unauthenticated remote malicious actor could upload and update code with elevated privileges. It might work.

“Successfully exploiting these vulnerabilities could allow an attacker to take actions at the operating system level.” CISA Said“The threat actor may affect the settings, configuration, software, or data of the affected product. The threat actor may interact through the affected product through a connected network.” there is.”

Food and Drug Administration (FDA) Said Unauthorized users are prohibited from using “genomic data to affect equipment intended for clinical diagnostic purposes, including the inability of the equipment to provide results, inaccurate results, altered results, or potential data Including causing infringement.”

There is no evidence that the two vulnerabilities were actually exploited.the user is apply the fix Released April 5, 2023 to mitigate potential threats.

upcoming webinars

Learn how to stop ransomware with real-time protection

Join our webinar to learn how real-time MFA and service account protection can stop ransomware attacks.

Save my seat!

This isn’t the first time that Illumina’s DNA sequencing devices have been found to have serious flaws. In June 2022, the company disclosed multiple similar vulnerabilities that may have been exploited to take control of affected systems.

This disclosure comes almost a month after the FDA. issued New guidance requiring medical device manufacturers to adhere to a set of cybersecurity requirements when submitting new product applications.

This includes a plan to monitor, identify and address “post-market” cybersecurity vulnerabilities and exploits within a reasonable period of time, and to ensure the security of such devices through regular and out-of-band patching. includes a plan to design and maintain the process of

Did you find this article interesting?Please follow us twitter and LinkedIn To read more exclusive content that we post.

cropped-BTA_Logo-B-1-scaled-1
YOUR FUTURE STARTS HERE.

BLUE TRAINING ACADEMY

Register now for our membership to gain access to our elite training program and fast forward your career today!

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

cropped-BTA_Logo-B-1-scaled-1
Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog