Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2022-1517

Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2024-11-21 06:40

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
illumina	local_run_manager	*
illumina	iseq_100	-
illumina	miniseq	-
illumina	miseq	-
illumina	miseq_dx	-
illumina	nextseq_500	-
illumina	nextseq_550	-
illumina	nextseq_550dx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
              "versionEndIncluding": "3.1",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
    },
    {
      "lang": "es",
      "value": "LRM usa altos privilegios. Un actor malicioso no autenticado puede cargar y ejecutar c\u00f3digo de forma remota a nivel del sistema operativo, lo que puede permitir a un atacante cambiar los ajustes, configuraciones, software o acceder a datos confidenciales en el producto afectado. Un atacante tambi\u00e9n podr\u00eda explotar esta vulnerabilidad para acceder a APIs no destinadas al uso general e interactuar mediante la red"
    }
  ],
  "id": "CVE-2022-1517",
  "lastModified": "2024-11-21T06:40:53.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-24T15:15:09.220",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-1519

Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2024-11-21 06:40

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
illumina	local_run_manager	*
illumina	iseq_100	-
illumina	miniseq	-
illumina	miseq	-
illumina	miseq_dx	-
illumina	nextseq_500	-
illumina	nextseq_550	-
illumina	nextseq_550dx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
              "versionEndIncluding": "3.1",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
    },
    {
      "lang": "es",
      "value": "LRM no restringe los tipos de archivos que pueden cargarse en el producto afectado. Un actor malicioso puede cargar cualquier tipo de archivo, incluyendo c\u00f3digo ejecutable que permite una explotaci\u00f3n de c\u00f3digo remoto"
    }
  ],
  "id": "CVE-2022-1519",
  "lastModified": "2024-11-21T06:40:53.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-24T15:15:09.333",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-1524

Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2024-11-21 06:40

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
illumina	local_run_manager	*
illumina	iseq_100	-
illumina	miniseq	-
illumina	miseq	-
illumina	miseq_dx	-
illumina	nextseq_500	-
illumina	nextseq_550	-
illumina	nextseq_550dx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
              "versionEndIncluding": "3.1",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
    },
    {
      "lang": "es",
      "value": "LRM versiones 2.4 y anteriores, no implementa el cifrado TLS. Un actor malicioso puede realizar un ataque de tipo MITM a los datos confidenciales en tr\u00e1nsito, incluidas las credenciales"
    }
  ],
  "id": "CVE-2022-1524",
  "lastModified": "2024-11-21T06:40:54.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-24T15:15:09.437",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-1518

Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2024-11-21 06:40

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
illumina	local_run_manager	*
illumina	iseq_100	-
illumina	miniseq	-
illumina	miseq	-
illumina	miseq_dx	-
illumina	nextseq_500	-
illumina	nextseq_550	-
illumina	nextseq_550dx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
              "versionEndIncluding": "3.1",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
    },
    {
      "lang": "es",
      "value": "LRM contiene una vulnerabilidad de salto de directorio que puede permitir a un actor malicioso subir archivos fuera de la estructura de directorios prevista"
    }
  ],
  "id": "CVE-2022-1518",
  "lastModified": "2024-11-21T06:40:53.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-24T15:15:09.270",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-1521

Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2024-11-21 06:40

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
illumina	local_run_manager	*
illumina	iseq_100	-
illumina	miniseq	-
illumina	miseq	-
illumina	miseq_dx	-
illumina	nextseq_500	-
illumina	nextseq_550	-
illumina	nextseq_550dx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:illumina:local_run_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A76287-2C7D-4EDD-B551-3E162819A08B",
              "versionEndIncluding": "3.1",
              "versionStartIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:illumina:iseq_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0136ED72-BF05-404D-910A-DA5B73F69771",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miniseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA69772-E795-4A64-A6A1-0BDD503D263B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFB0D5A-AF5A-4A84-963F-C6307ADCFF4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:miseq_dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7731600-AE91-4D74-A219-BAE147B29A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C7AEA5A-707D-4BF4-9DF6-BDE6E6D97B60",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF742B4D-0FC5-443A-8040-7B0A1B298707",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:illumina:nextseq_550dx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D5AB9D-7EAA-45F2-A10F-A2D142B20D3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
    },
    {
      "lang": "es",
      "value": "LRM no implementa la autenticaci\u00f3n ni la autorizaci\u00f3n por defecto. Un actor malicioso puede inyectar, reproducir, modificar y/o interceptar datos confidenciales"
    }
  ],
  "id": "CVE-2022-1521",
  "lastModified": "2024-11-21T06:40:53.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-24T15:15:09.390",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        },
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-1524 (GCVE-0-2022-1524)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 17:52

Title

3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

Summary

LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1524",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T17:28:35.654447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T17:52:17.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:16.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1524",
          "STATE": "PUBLIC",
          "TITLE": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1524",
    "datePublished": "2022-06-24T15:00:16.330Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T17:52:17.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1521 (GCVE-0-2022-1521)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16

Title

3.2.4 IMPROPER ACCESS CONTROL CWE-284

Summary

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-284 - cwe-284

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrumen	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1521",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:21.716090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:16:46.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrumen",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "cwe-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:15.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.4    IMPROPER ACCESS CONTROL CWE-284",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1521",
          "STATE": "PUBLIC",
          "TITLE": "3.2.4    IMPROPER ACCESS CONTROL CWE-284"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrumen",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "cwe-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1521",
    "datePublished": "2022-06-24T15:00:15.565Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:16:46.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1518 (GCVE-0-2022-1518)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16

Title

3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22

Summary

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:02.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:25.332039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:16:54.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:14.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1518",
          "STATE": "PUBLIC",
          "TITLE": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1518",
    "datePublished": "2022-06-24T15:00:14.741Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:16:54.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1519 (GCVE-0-2022-1519)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17

Summary

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1519",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:29.024230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:17:02.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:13.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1519",
          "STATE": "PUBLIC",
          "TITLE": ""
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1519",
    "datePublished": "2022-06-24T15:00:13.721Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:17:02.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1517 (GCVE-0-2022-1517)

Vulnerability from cvelistv5 – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17

Title

3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

Summary

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-250 - cwe-250

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:02.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1517",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:32.128012Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:17:11.157Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "cwe-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:12.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1517",
          "STATE": "PUBLIC",
          "TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "cwe-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1517",
    "datePublished": "2022-06-24T15:00:12.934Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:17:11.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1524 (GCVE-0-2022-1524)

Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 17:52

Title

3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

Summary

LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-319 - Cleartext Transmission of Sensitive Information

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1524",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T17:28:35.654447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T17:52:17.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:16.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1524",
          "STATE": "PUBLIC",
          "TITLE": "3.2.5    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319 Cleartext Transmission of Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1524",
    "datePublished": "2022-06-24T15:00:16.330Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T17:52:17.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1521 (GCVE-0-2022-1521)

Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16

Title

3.2.4 IMPROPER ACCESS CONTROL CWE-284

Summary

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-284 - cwe-284

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrumen	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1521",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:21.716090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:16:46.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrumen",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "cwe-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:15.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.4    IMPROPER ACCESS CONTROL CWE-284",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1521",
          "STATE": "PUBLIC",
          "TITLE": "3.2.4    IMPROPER ACCESS CONTROL CWE-284"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrumen",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "cwe-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1521",
    "datePublished": "2022-06-24T15:00:15.565Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:16:46.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1518 (GCVE-0-2022-1518)

Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:16

Title

3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22

Summary

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:02.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:25.332039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:16:54.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:14.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1518",
          "STATE": "PUBLIC",
          "TITLE": "3.2.2    IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1518",
    "datePublished": "2022-06-24T15:00:14.741Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:16:54.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1519 (GCVE-0-2022-1519)

Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17

Summary

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:03.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1519",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:29.024230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:17:02.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:13.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1519",
          "STATE": "PUBLIC",
          "TITLE": ""
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1519",
    "datePublished": "2022-06-24T15:00:13.721Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:17:02.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1517 (GCVE-0-2022-1517)

Vulnerability from nvd – Published: 2022-06-24 15:00 – Updated: 2025-04-16 16:17

Title

3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

Summary

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-250 - cwe-250

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsa-2…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Illumina

NextSeq 550Dx

Affected: LRM Versions 1.3 to 3.1

Illumina	MiSeq Dx	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 500 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	NextSeq 550 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiSeq Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	iSeq 100 Instrument	Affected: LRM Versions 1.3 to 3.1
Illumina	MiniSeq Instrument	Affected: LRM Versions 1.3 to 3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:10:02.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1517",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:32.128012Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:17:11.157Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NextSeq 550Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Dx",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 500 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "NextSeq 550 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "iSeq 100 Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        },
        {
          "product": "MiniSeq Instrument",
          "vendor": "Illumina",
          "versions": [
            {
              "status": "affected",
              "version": "LRM Versions 1.3 to 3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-06-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "cwe-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T15:00:12.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "20220602T06:00:00.000000Z",
          "ID": "CVE-2022-1517",
          "STATE": "PUBLIC",
          "TITLE": "3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Dx",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 500 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NextSeq 550 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iSeq 100 Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiniSeq Instrument",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "=",
                            "version_name": "",
                            "version_value": "LRM Versions 1.3 to 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Illumina"
              }
            ]
          }
        },
        "credit": [],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "cwe-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1517",
    "datePublished": "2022-06-24T15:00:12.934Z",
    "dateReserved": "2022-04-28T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:17:11.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

15 vulnerabilities found for local_run_manager by illumina

FKIE_CVE-2022-1517

FKIE_CVE-2022-1519

FKIE_CVE-2022-1524

FKIE_CVE-2022-1518

FKIE_CVE-2022-1521

CVE-2022-1524 (GCVE-0-2022-1524)

CVE-2022-1521 (GCVE-0-2022-1521)

CVE-2022-1518 (GCVE-0-2022-1518)

CVE-2022-1519 (GCVE-0-2022-1519)

CVE-2022-1517 (GCVE-0-2022-1517)

CVE-2022-1524 (GCVE-0-2022-1524)

CVE-2022-1521 (GCVE-0-2022-1521)

CVE-2022-1518 (GCVE-0-2022-1518)

CVE-2022-1519 (GCVE-0-2022-1519)

CVE-2022-1517 (GCVE-0-2022-1517)