CVE-2023-1968
In short
Illumina instruments running Universal Copy Service v2.x listen on all network addresses without restriction, allowing anyone on the network to connect and potentially compromise the system without needing a password.
Technical detail
The flaw is classified as CWE-1327 (Binding to an Unrestricted IP Address): UCS v2.x binds to an unrestricted address (0.0.0.0 or ::), which exposes the service to unauthenticated network access. An attacker on the same network or with routing to the instrument can interact with the service directly, bypassing authentication mechanisms and gaining control over sensitive medical imaging operations.
Summary generated and translated by AI from the official description.
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
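A defender-side check for the wildcard binding described above, as an added example that is not Illumina's code or part of the official description: it parses `netstat -ano`-style output and reports sockets bound to 0.0.0.0 or ::. The sample output, ports and PIDs are constructed; the page does not state which port UCS uses.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano`; ports and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       3312
  TCP    127.0.0.1:8082         0.0.0.0:0              LISTENING       3312
  TCP    [::]:8081              [::]:0                 LISTENING       3312
  TCP    10.20.0.15:3389        0.0.0.0:0              LISTENING       1044
  TCP    10.20.0.15:49712       10.20.0.40:445         ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1808
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:80' or '[::]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def classify(ip):
    """Label the bind address: wildcard (CWE-1327 condition), loopback, or one interface."""
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    return "specific"

def listeners(netstat_text):
    """Yield (proto, ip, port, pid, scope) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established or closing connection, not a listener
        try:
            ip, port = split_endpoint(f[1])
        except ValueError:
            continue  # local address this parser does not understand
        yield f[0], str(ip), port, int(f[-1]), classify(ip)

def wildcard_listeners(netstat_text):
    """Return only the sockets reachable on every interface of the host."""
    return [row for row in listeners(netstat_text) if row[4] == "wildcard"]

if __name__ == "__main__":
    for proto, ip, port, pid, _ in wildcard_listeners(SAMPLE):
        print(f"{proto} {ip}:{port} pid={pid} accepts traffic on every interface")
```

Mapping each reported PID back to its process shows whether the wildcard listener belongs to the service under review.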
Affected products
Illumina · iScan Control Software
Illumina · iSeq 100
Illumina · MiniSeq Control Software
Illumina · MiSeq Control Software
Illumina · MiSeqDx Operating Software
Illumina · NextSeq 1000/2000 Control Software
Illumina · NextSeq 500/550 Control Software
Illumina · NextSeq 550Dx Control Software
Illumina · NextSeq 550Dx Operating Software
Illumina · NovaSeq 6000 Control Software
Illumina · NovaSeq Control Software