DNA sequencing firm hit by security flaws. A whole suit of products has been reported to have been affected by two vulnerabilities.
DNA Sequencing Firm Security Flaws
Universal Copy Service which is a software suite that is used by medical laboratories across the globe for DNA sequencing, carries two high-severity vulnerabilities that could let threat actors to take over the targeted endpoints fully and then exfiltrate sensitive data.
A joint security advisory however from the US Cybersecurity Infrastructure Security Agency (CISA) and the FDA has urged users of the services of the platform to patch the software as soon as possible.
“An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product,” the warning from CISA reads.
Universal Copy Service
Universal Copy Service, which is developed by a California-based medical technology firm known as Illumina, is one of the most well-known DNA sequencing tools on the planet. Research organizations, academic institutions, biotechnology firms, and pharma companies in 140 countries and regions use the program very often, the publication states.
“On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability,” the FDA continued.
The Two Reported Vulnerabilities and How They Work
And as per the report, the two vulnerabilities in question are tracked as CVE-2023-1968 and CVE-2023-1966. The former of the vulnerabilities is a 10/10, “critical” vulnerability that lets threat actors to listen in on all network traffic, and consequently find more vulnerable hosts that are on the network. Hackers could easily use it to send commands to the software, thus tweak settings, and even get access to sensitive data, the researchers stated. The latter, however, on the other hand, is a 7.4/10, “high” severity vulnerability, that lets UCS users to run commands with elevated privileges.
How to Mitigate the Effects of the Vulnerabilities
And as multiple Illumina products are impacted by the vulnerabilities, there are different sets of mitigation measures, all depending on the software in question. Illumina however recommends that doing different things, ranging from updating system software, to configuring UCS account credentials, to closing specific firewall ports that might be greatly abused.
MORE RELATED POSTS