Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

DNA sequencing platform hit by serious security flaws

Red padlock open on electric circuits network dark red background

Universal Copy Service, a software suite used by medical laboratories across the world for DNA sequencing, carries two high-severity vulnerabilities that could allow threat actors to fully take over the targeted endpoints and exfiltrate sensitive data.

A joint security advisory from the US Cybersecurity Infrastructure Security Agency (CISA) and the FDA has urged users to patch the software as soon as possible.

"An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product," CISA’s warning reads.

Sensitive data

Universal Copy Service, developed by a California-based medical technology company called Illumina, is one of the most popular DNA sequencing tools on the planet. Research organizations, academic institutions, biotechnology firms and pharma companies in 140 countries frequently use the program, the publication says.

"On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability," the FDA added.

As per the report, the two vulnerabilities are tracked as CVE-2023-1968, and CVE-2023-1966. The former is a 10/10, “critical” vulnerability that allows threat actors to listen in on all network traffic, consequently finding more vulnerable hosts on the network. Hackers could use it to send commands to the software, tweak settings, and even access sensitive data, the researchers said. The latter, on the other hand, is a 7.4/10, “high” severity vulnerability, allowing UCS users to run commands with elevated privileges.

As the vulnerabilities impact multiple Illumina products, there are different sets of mitigation measures, depending on the software in question. Illumina recommends doing different things, from updating system software, to configuring UCS account credentials, to closing specific firewall ports that might be abused.

The full list of vulnerable products can be found on this link.

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.