Vulnerabilites related to illumina - local_run_manager
Vulnerability from fkie_nvd
Published
2022-06-24 15:15
Modified
2024-11-21 06:40
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| illumina | local_run_manager | * | |
| illumina | iseq_100 | - | |
| illumina | miniseq | - | |
| illumina | miseq | - | |
| illumina | miseq_dx | - | |
| illumina | nextseq_500 | - | |
| illumina | nextseq_550 | - | |
| illumina | nextseq_550dx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
"versionEndIncluding": "3.1",
"versionStartIncluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
},
{
"lang": "es",
"value": "LRM versiones 2.4 y anteriores, no implementa el cifrado TLS. Un actor malicioso puede realizar un ataque de tipo MITM a los datos confidenciales en tr\u00e1nsito, incluidas las credenciales"
}
],
"id": "CVE-2022-1524",
"lastModified": "2024-11-21T06:40:54.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:09.437",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 15:15
Modified
2024-11-21 06:40
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| illumina | local_run_manager | * | |
| illumina | iseq_100 | - | |
| illumina | miniseq | - | |
| illumina | miseq | - | |
| illumina | miseq_dx | - | |
| illumina | nextseq_500 | - | |
| illumina | nextseq_550 | - | |
| illumina | nextseq_550dx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
"versionEndIncluding": "3.1",
"versionStartIncluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
},
{
"lang": "es",
"value": "LRM contiene una vulnerabilidad de salto de directorio que puede permitir a un actor malicioso subir archivos fuera de la estructura de directorios prevista"
}
],
"id": "CVE-2022-1518",
"lastModified": "2024-11-21T06:40:53.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:09.270",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 15:15
Modified
2024-11-21 06:40
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| illumina | local_run_manager | * | |
| illumina | iseq_100 | - | |
| illumina | miniseq | - | |
| illumina | miseq | - | |
| illumina | miseq_dx | - | |
| illumina | nextseq_500 | - | |
| illumina | nextseq_550 | - | |
| illumina | nextseq_550dx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
"versionEndIncluding": "3.1",
"versionStartIncluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
},
{
"lang": "es",
"value": "LRM usa altos privilegios. Un actor malicioso no autenticado puede cargar y ejecutar c\u00f3digo de forma remota a nivel del sistema operativo, lo que puede permitir a un atacante cambiar los ajustes, configuraciones, software o acceder a datos confidenciales en el producto afectado. Un atacante tambi\u00e9n podr\u00eda explotar esta vulnerabilidad para acceder a APIs no destinadas al uso general e interactuar mediante la red"
}
],
"id": "CVE-2022-1517",
"lastModified": "2024-11-21T06:40:53.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:09.220",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 15:15
Modified
2024-11-21 06:40
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| illumina | local_run_manager | * | |
| illumina | iseq_100 | - | |
| illumina | miniseq | - | |
| illumina | miseq | - | |
| illumina | miseq_dx | - | |
| illumina | nextseq_500 | - | |
| illumina | nextseq_550 | - | |
| illumina | nextseq_550dx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
"versionEndIncluding": "3.1",
"versionStartIncluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
},
{
"lang": "es",
"value": "LRM no implementa la autenticaci\u00f3n ni la autorizaci\u00f3n por defecto. Un actor malicioso puede inyectar, reproducir, modificar y/o interceptar datos confidenciales"
}
],
"id": "CVE-2022-1521",
"lastModified": "2024-11-21T06:40:53.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:09.390",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
},
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 15:15
Modified
2024-11-21 06:40
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| illumina | local_run_manager | * | |
| illumina | iseq_100 | - | |
| illumina | miniseq | - | |
| illumina | miseq | - | |
| illumina | miseq_dx | - | |
| illumina | nextseq_500 | - | |
| illumina | nextseq_550 | - | |
| illumina | nextseq_550dx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
"versionEndIncluding": "3.1",
"versionStartIncluding": "1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
},
{
"lang": "es",
"value": "LRM no restringe los tipos de archivos que pueden cargarse en el producto afectado. Un actor malicioso puede cargar cualquier tipo de archivo, incluyendo c\u00f3digo ejecutable que permite una explotaci\u00f3n de c\u00f3digo remoto"
}
],
"id": "CVE-2022-1519",
"lastModified": "2024-11-21T06:40:53.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:09.333",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
CVE-2022-1521 (GCVE-0-2022-1521)
Vulnerability from cvelistv5
Published
2022-06-24 15:00
Modified
2025-04-16 16:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - cwe-284
Summary
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Illumina | NextSeq 550Dx |
Version: LRM Versions 1.3 to 3.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:21.716090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:16:46.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrumen",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "cwe-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.4 IMPROPER ACCESS CONTROL CWE-284",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1521",
"STATE": "PUBLIC",
"TITLE": "3.2.4 IMPROPER ACCESS CONTROL CWE-284"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrumen",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1521",
"datePublished": "2022-06-24T15:00:15.565Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:16:46.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1519 (GCVE-0-2022-1519)
Vulnerability from cvelistv5
Published
2022-06-24 15:00
Modified
2025-04-16 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Illumina | NextSeq 550Dx |
Version: LRM Versions 1.3 to 3.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:29.024230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:02.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:13.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1519",
"STATE": "PUBLIC",
"TITLE": ""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1519",
"datePublished": "2022-06-24T15:00:13.721Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:02.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1518 (GCVE-0-2022-1518)
Vulnerability from cvelistv5
Published
2022-06-24 15:00
Modified
2025-04-16 16:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Illumina | NextSeq 550Dx |
Version: LRM Versions 1.3 to 3.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:25.332039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:16:54.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1518",
"STATE": "PUBLIC",
"TITLE": "3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1518",
"datePublished": "2022-06-24T15:00:14.741Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:16:54.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1517 (GCVE-0-2022-1517)
Vulnerability from cvelistv5
Published
2022-06-24 15:00
Modified
2025-04-16 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - cwe-250
Summary
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Illumina | NextSeq 550Dx |
Version: LRM Versions 1.3 to 3.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:32.128012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:11.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "cwe-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:12.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1517",
"STATE": "PUBLIC",
"TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1517",
"datePublished": "2022-06-24T15:00:12.934Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:11.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1524 (GCVE-0-2022-1524)
Vulnerability from cvelistv5
Published
2022-06-24 15:00
Modified
2025-04-16 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Illumina | NextSeq 550Dx |
Version: LRM Versions 1.3 to 3.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:28:35.654447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:52:17.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1524",
"STATE": "PUBLIC",
"TITLE": "3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1524",
"datePublished": "2022-06-24T15:00:16.330Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:52:17.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}