CVE-2022-1517

10.0 CRITICAL

📋 TL;DR

CVE-2022-1517 is a critical vulnerability in LRM (likely a network management system) that allows unauthenticated remote attackers to upload and execute arbitrary code with elevated privileges. This enables complete system compromise, configuration changes, and access to sensitive data. Any system running vulnerable LRM versions is affected.

💻 Affected Systems

Products:
  • LRM (specific product name not provided in CVE)
Versions: Not specified in provided references
Operating Systems: Not specified, likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration. ICSA-22-153-02 advisory references industrial control systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover, data exfiltration, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case

Unauthorized access to sensitive data, configuration changes disrupting operations, and installation of malware/ransomware.

🟢 If Mitigated

Limited impact if network segmentation, strict access controls, and monitoring prevent exploitation attempts.

🌐 Internet-Facing: HIGH - Unauthenticated remote code execution allows attackers to directly compromise exposed systems.
🏢 Internal Only: HIGH - Even internally, unauthenticated exploitation allows lateral movement and privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 10.0 indicates trivial exploitation with no authentication required and maximum impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02

Restart Required: Yes

Instructions:

1. Consult vendor advisory for specific patch.
2. Apply security updates to affected LRM systems.
3. Restart services/systems as required.
4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate LRM systems from untrusted networks and internet access

Access Control Lists

all

Restrict network access to LRM systems to authorized IPs only

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access
  • Deploy intrusion detection/prevention systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check LRM version against vendor advisory. Monitor for unauthorized file uploads or privilege escalation.

Check Version:

Vendor-specific command (not provided in references)

Verify Fix Applied:

Verify LRM version is updated to patched version. Test that unauthenticated file upload/execution is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated file upload attempts
  • Privilege escalation events
  • Unusual process execution from LRM

Network Indicators:

  • Unexpected network connections from LRM systems
  • File upload traffic to LRM endpoints

SIEM Query:

source="lrm" AND (event="file_upload" OR event="privilege_escalation")
