DNA sequencing platform hit by serious security flaws

News
By Sead Fadilpašić
published

Two vulnerabilities affect a whole suite of products

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Universal Copy Service, a software suite used by medical laboratories across the world for DNA sequencing, carries two high-severity vulnerabilities that could allow threat actors to fully take over the targeted endpoints and exfiltrate sensitive data.

A joint security advisory from the US Cybersecurity Infrastructure Security Agency (CISA) and the FDA has urged users to patch the software as soon as possible.

"An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product," CISA’s warning reads.

Sensitive data

Universal Copy Service, developed by a California-based medical technology company called Illumina, is one of the most popular DNA sequencing tools on the planet. Research organizations, academic institutions, biotechnology firms and pharma companies in 140 countries frequently use the program, the publication says.

"On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability," the FDA added.

Read more

> Thousands of medical pumps could be vulnerable to dangerous security bugs

> Attack on healthcare provider exposes personal data of more than 4 million customers

> Check out the best malware removal right now

As per the report, the two vulnerabilities are tracked as CVE-2023-1968, and CVE-2023-1966. The former is a 10/10, “critical” vulnerability that allows threat actors to listen in on all network traffic, consequently finding more vulnerable hosts on the network. Hackers could use it to send commands to the software, tweak settings, and even access sensitive data, the researchers said. The latter, on the other hand, is a 7.4/10, “high” severity vulnerability, allowing UCS users to run commands with elevated privileges.

As the vulnerabilities impact multiple Illumina products, there are different sets of mitigation measures, depending on the software in question. Illumina recommends doing different things, from updating system software, to configuring UCS account credentials, to closing specific firewall ports that might be abused.

The full list of vulnerable products can be found on this link.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.