Headline
CVE-2023-1966: Illumina Universal Copy Service Vulnerability
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.
Thank you for visiting the customer support site for the UCS vulnerability.
The following table lists the impacted instruments and software versions. All instruments require actions outlined in the instruction guide. Illumina recommends that you read the instructions before downloading any software.
NOTE: For any software versions not specified in the table, your instrument is not impacted by this vulnerability and no actions are required. Please return the verification form attached to your notification confirming the action was not performed.
Instrument
Impacted Software Versions
Actions Required
iScan
iScan Control Software 4.0.0
Configure UCS account credentials.
NOTE: The instructions indicate that iScan Control Software v4.0.0 and above require a software update. Version 4.0.0 does not need a software update and only requires configuration of UCS account credentials.
iScan Control Software 4.0.5
Contact Illumina Technical Support to upgrade to v4.2.1.
iSeq 100
All
Configure UCS account credentials.
MiniSeq
MiniSeq Control Software 2.0 and newer
Configure UCS account credentials.
MiSeq
MiSeq Control Software 4.0 and newer
Configure UCS account credentials.
MiSeqDx
MiSeq Control Software 4.0 (RUO Mode)
Configure UCS account credentials.
MiSeqDx Operating Software 4.0.1 and newer
- Update system software with MiSeqDx Software Suite Installer v4.0.3.19.
- Configure UCS account credentials.
NextSeq 500/550
NextSeq Control Software 4.0
Configure UCS account credentials.
NextSeq 550Dx
NextSeq Control Software 4.0 (RUO Mode)
Configure UCS account credentials.
NextSeq Operating Software 1.0.0-1.3.1
Configure UCS account credentials.
NextSeq Operating Software 1.3.3 and newer
- Update system software with NextSeq 550Dx Software Suite Installer v1.5.2.3.
- Configure UCS account credentials.
NextSeq 1000/2000
NextSeq Control Software 1.4.1
Update the system software with NextSeq 1000/2000 Control Software Suite v1.5.0 Installer.
NovaSeq 6000
NovaSeq Control Software 1.7 and older
Configure UCS account credentials.
NOTE: The instructions state that the firewall port must be closed for these software versions. Closing the firewall port is not required.
NovaSeq Control Software 1.8
- Update system software with NovaSeq Software Suite Installer v1.8.1.59.
- Configure UCS account credentials.
- Close firewall port.
The following video is meant to provide additional context to the UCS Instruction Guide. Please read the instructions first.
This video:
- is specifically for Windows 10 instruments (this excludes NovaSeq 6000 RUO).
- demonstrates how to modify the user configuration of the UCS service to “Local Service” (standard user).
NOTE: This video is applicable only to instruments where UCS is currently configured to use "Local System". If UCS is not configured to use “Local System” on your instrument, refer to the Instruction Guide for additional details.
LINK to demonstration video.
Related news
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA