Search criteria
10 vulnerabilities found for MiSeq Instrument by Illumina
CVE-2022-1524 (GCVE-0-2022-1524)
Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 17:52
VLAI?
Title
3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Summary
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.
Severity ?
7.4 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:28:35.654447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:52:17.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1524",
"STATE": "PUBLIC",
"TITLE": "3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1524",
"datePublished": "2022-06-24T15:00:16.330Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:52:17.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1521 (GCVE-0-2022-1521)
Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
VLAI?
Title
3.2.4 IMPROPER ACCESS CONTROL CWE-284
Summary
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.
Severity ?
9.1 (Critical)
CWE
- CWE-284 - cwe-284
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:21.716090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:16:46.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrumen",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "cwe-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.4 IMPROPER ACCESS CONTROL CWE-284",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1521",
"STATE": "PUBLIC",
"TITLE": "3.2.4 IMPROPER ACCESS CONTROL CWE-284"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrumen",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1521",
"datePublished": "2022-06-24T15:00:15.565Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:16:46.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1518 (GCVE-0-2022-1518)
Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
VLAI?
Title
3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Summary
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
Severity ?
10 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:25.332039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:16:54.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1518",
"STATE": "PUBLIC",
"TITLE": "3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1518",
"datePublished": "2022-06-24T15:00:14.741Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:16:54.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1519 (GCVE-0-2022-1519)
Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
VLAI?
Summary
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
Severity ?
10 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:29.024230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:02.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:13.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1519",
"STATE": "PUBLIC",
"TITLE": ""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1519",
"datePublished": "2022-06-24T15:00:13.721Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:02.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1517 (GCVE-0-2022-1517)
Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
VLAI?
Title
3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
Summary
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
Severity ?
10 (Critical)
CWE
- CWE-250 - cwe-250
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:32.128012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:11.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "cwe-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:12.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1517",
"STATE": "PUBLIC",
"TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1517",
"datePublished": "2022-06-24T15:00:12.934Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:11.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1524 (GCVE-0-2022-1524)
Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 17:52
VLAI?
Title
3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Summary
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.
Severity ?
7.4 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:28:35.654447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:52:17.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1524",
"STATE": "PUBLIC",
"TITLE": "3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1524",
"datePublished": "2022-06-24T15:00:16.330Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:52:17.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1521 (GCVE-0-2022-1521)
Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
VLAI?
Title
3.2.4 IMPROPER ACCESS CONTROL CWE-284
Summary
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.
Severity ?
9.1 (Critical)
CWE
- CWE-284 - cwe-284
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:21.716090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:16:46.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrumen",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "cwe-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.4 IMPROPER ACCESS CONTROL CWE-284",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1521",
"STATE": "PUBLIC",
"TITLE": "3.2.4 IMPROPER ACCESS CONTROL CWE-284"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrumen",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1521",
"datePublished": "2022-06-24T15:00:15.565Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:16:46.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1518 (GCVE-0-2022-1518)
Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16
VLAI?
Title
3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Summary
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
Severity ?
10 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:25.332039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:16:54.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1518",
"STATE": "PUBLIC",
"TITLE": "3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1518",
"datePublished": "2022-06-24T15:00:14.741Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:16:54.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1519 (GCVE-0-2022-1519)
Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
VLAI?
Summary
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.
Severity ?
10 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:29.024230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:02.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:13.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1519",
"STATE": "PUBLIC",
"TITLE": ""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1519",
"datePublished": "2022-06-24T15:00:13.721Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:02.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1517 (GCVE-0-2022-1517)
Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17
VLAI?
Title
3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
Summary
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.
Severity ?
10 (Critical)
CWE
- CWE-250 - cwe-250
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Illumina | NextSeq 550Dx |
Affected:
LRM Versions 1.3 to 3.1
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:54:32.128012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:11.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NextSeq 550Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Dx",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 500 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "NextSeq 550 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "iSeq 100 Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
},
{
"product": "MiniSeq Instrument",
"vendor": "Illumina",
"versions": [
{
"status": "affected",
"version": "LRM Versions 1.3 to 3.1"
}
]
}
],
"datePublic": "2022-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "cwe-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T15:00:12.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "20220602T06:00:00.000000Z",
"ID": "CVE-2022-1517",
"STATE": "PUBLIC",
"TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Dx",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 500 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "NextSeq 550 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "iSeq 100 Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
},
{
"product": {
"product_data": [
{
"product_name": "MiniSeq Instrument",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "LRM Versions 1.3 to 3.1"
}
]
}
}
]
},
"vendor_name": "Illumina"
}
]
}
},
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1517",
"datePublished": "2022-06-24T15:00:12.934Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:11.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}