CISA Issues Warning on Critical Vulnerabilities Found in Illumina’s DNA Sequencing Devices

CISA Issues Warning on Critical Vulnerabilities Found in Illumina’s DNA Sequencing Devices

아리 데니알
Published by: 아리 데니알 on 3월 29, 2024

An Industrial Control Systems (ICS) medical advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regarding a severe vulnerability affecting medical devices manufactured by Illumina.

In a warning issued, the Cybersecurity and Infrastructure Security Agency (CISA) has cautioned that Illumina’s medical devices contain a severe vulnerability that could enable an unauthorized individual to upload and execute code at the operating system level remotely.

This could potentially lead to unauthorized access to sensitive data, manipulation of settings, configurations, and software. Illumina, a California-based medical technology firm that specializes in developing and producing advanced bioanalysis and DNA sequencing machines, has its devices utilized for DNA sequencing in various settings, such as clinical, research, academic, biotech, and pharmaceutical environments across 140 countries.

The FDA has issued an advisory stating that Illumina has notified its affected customers to check their medical devices for any indication of exploitation of the recently discovered vulnerabilities.

One of the vulnerabilities (CVE-2023-1968) is deemed critical and could enable remote attackers to bind to exposed IP addresses, potentially leading to unauthorized access to network traffic and finding more vulnerable hosts within the network.

Additionally, some of these devices, which can operate in either clinical diagnostic mode or RUO mode, have been labeled “For Research Use Only. Not for use in diagnostic procedures.” Some labs may utilize them for clinical diagnostic purposes, despite being intended for research use only.

Illumina has identified two vulnerabilities in its software, with the first flaw allowing for modification of settings, sending of commands, and possible unauthorized data access. The second flaw permits UCS users to execute commands with heightened privileges.

Devices and software versions not listed are unaffected by these vulnerabilities. Illumina has released a bulletin detailing the necessary steps to be taken based on the product and system configuration.

To address the vulnerabilities in Illumina’s medical devices, recommended actions include updating system software using product-specific installers, configuring UCS account credentials, and closing firewall ports.

Additionally, CISA advises users to minimize control system exposure to the internet, using firewalls to isolate them from the wider network and employing VPNs for remote access.

이 기사가 마음에 드셨나요? 평가해 주세요!
정말 싫습니다 별로 좋아하지 않습니다 괜찮습니다 꽤 좋습니다! 정말 좋습니다!
0 0명의 사용자가 투표
제목
코멘트
피드백을 주셔서 감사합니다