OTPulse

Illumina Local Run Manager

Priority: Act Now (10) | Source: ICS-CERT ICSA-22-153-02 | Published: Jun 2, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Illumina Local Run Manager versions 1.3 through 3.1 contain multiple vulnerabilities (CWE-250, CWE-22, CWE-434, CWE-284, CWE-319) that allow unauthenticated remote attackers to execute arbitrary code at the operating system level on affected sequencing instruments. An attacker can interact with the instrument, modify configurations, alter sequencing parameters, access sensitive data, or disrupt diagnostic testing operations. The vulnerabilities affect iSeq 100, MiniSeq, MiSeq, MiSeq Dx, NextSeq 500, NextSeq 550, and NextSeq 550Dx instruments. Illumina has released a security patch (LocalRunManagerSecurityPatch.msi) for Internet-connected instruments. For offline instruments, alternative patching methods are available through Illumina Technical Support.

What this means
What could happen
An attacker with network access to a Local Run Manager could execute arbitrary commands on the instrument with operating system-level privileges, potentially altering sequencing parameters, corrupting samples, or disrupting genetic analysis workflows. This could result in invalid test results, failed diagnoses, or complete loss of instrument availability.
Who's at risk
Genetic testing laboratories and medical diagnostic centers using Illumina sequencing instruments (iSeq 100, MiniSeq, MiSeq, MiSeq Dx, NextSeq 500, NextSeq 550, and NextSeq 550Dx) with Local Run Manager software are affected. This impacts the availability and integrity of DNA/RNA sequencing operations and diagnostic testing workflows that depend on these instruments.
How it could be exploited
An attacker sends a specially crafted network request to an exposed Local Run Manager port without requiring authentication. The vulnerability allows the attacker to upload and execute arbitrary code on the instrument, gaining full operating system control. From there, the attacker can modify instrument settings, steal sequencing data, or disable the device entirely.
Prerequisites
  • Network access to the Local Run Manager from an external or untrusted network
  • No credentials required
  • Instrument running LRM version 1.3 through 3.1
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Critical CVSS 10.0
  • Affects diagnostic/clinical testing systems
  • No patch available for end-of-life instruments
  • Unauthenticated remote code execution
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (7)
7 with fix
Product                      Affected Versions        Fix Status
iSeq 100 Instrument          LRM ≥ 1.3 and ≤ 3.1      See LocalRunManagerSecurityPatch.msi
MiniSeq Instrument           LRM ≥ 1.3 and ≤ 3.1      See LocalRunManagerSecurityPatch.msi
MiSeq Dx                     LRM ≥ 1.3 and ≤ 3.1      See LocalRunManagerSecurityPatch.msi
MiSeq Instrument             LRM ≥ 1.3 and ≤ 3.1      See LocalRunManagerSecurityPatch.msi
NextSeq 550 Instrument       LRM ≥ 1.3 and ≤ 3.1      See LocalRunManagerSecurityPatch.msi
NextSeq 550Dx                LRM ≥ 1.3 and ≤ 3.1      See LocalRunManagerSecurityPatch.msi
NextSeq 500 Instrument       LRM ≥ 1.3 and ≤ 3.1      See LocalRunManagerSecurityPatch.msi
Remediation & Mitigation
Do now
HARDENING: Isolate all Local Run Manager instruments from the Internet and external networks; do not expose instrument management interfaces to the business network or Internet.
HARDENING: Place instruments behind firewalls and restrict network access to only authorized workstations and systems that require a direct connection for operation.
WORKAROUND: If remote access to instruments is required, use a VPN with current security patches and restrict VPN access to specific authorized users and networks.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply the LocalRunManagerSecurityPatch.msi from Illumina to all affected instruments.
HOTFIX: For instruments not connected to the Internet, contact Illumina Tech Support at techsupport@illumina.com to obtain alternative patching options.