CVE-2022-1524

7.4 HIGH

📋 TL;DR

CVE-2022-1524 affects LRM (Logistics Resource Management) versions 2.4 and lower, which lack TLS encryption for data transmission. This allows attackers to perform man-in-the-middle attacks to intercept sensitive data including credentials. Organizations using unpatched LRM systems are vulnerable to credential theft and data exposure.

💻 Affected Systems

Products:
  • LRM (Logistics Resource Management)
Versions: 2.4 and lower
Operating Systems: Not specified - likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using default configurations without TLS implementation are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers intercept administrative credentials, gain full system access, manipulate logistics data, and potentially disrupt critical supply chain operations.

🟠 Likely Case

Credential theft leading to unauthorized access to logistics systems and sensitive operational data exposure.

🟢 If Mitigated

Limited data exposure if network segmentation and monitoring detect anomalous traffic patterns.

🌐 Internet-Facing: HIGH - Any internet-exposed LRM instance without TLS is trivially exploitable via MITM attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still intercept unencrypted traffic.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

MITM attacks require network positioning but are well-understood and easily automated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.5 or higher

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02

Restart Required: Yes

Instructions:

1. Download LRM version 2.5 or higher from vendor.
2. Backup current configuration.
3. Install updated version.
4. Restart LRM services.
5. Verify TLS is enabled and functioning.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate LRM systems to trusted network segments to limit MITM attack surface

VPN Tunnel

all

Route all LRM traffic through encrypted VPN tunnels

🧯 If You Can't Patch

  • Deploy network-based TLS termination proxy in front of LRM systems
  • Implement strict network access controls and monitor for anomalous traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check LRM version via admin interface or configuration files. If version ≤2.4 and TLS is not configured/enabled, system is vulnerable.

Check Version:

Check LRM admin interface or configuration files for version information (vendor-specific)

Verify Fix Applied:

Verify LRM version is ≥2.5 and confirm TLS encryption is active by checking configuration and testing network traffic encryption.

📡 Detection & Monitoring

Log Indicators:

  • Failed TLS handshake attempts
  • Unusual authentication patterns
  • Multiple connection attempts from unexpected sources

Network Indicators:

  • Unencrypted traffic to LRM ports
  • ARP spoofing or DNS poisoning attempts in network segments containing LRM

SIEM Query:

source_ip=LRM_IP AND (protocol=HTTP OR NOT protocol=TLS)
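
The "unencrypted traffic to LRM ports" indicator can also be checked on payloads rather than protocol labels. The following is an added example, not code from the advisory or the vendor: it classifies the first client bytes of each flow toward an LRM listener as a TLS ClientHello or not, and notes when credentials are readable. The endpoint address, port, and sample flows are constructed placeholders.

```python
import struct

# Assumed placeholder: the page gives no LRM address or port; set your own.
LRM_ENDPOINTS = {("10.0.5.20", 8080)}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"PATCH ", b"OPTIONS ")
CRED_MARKERS = (b"authorization:", b"password=", b"passwd=")

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow."""
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        # TLS record header: type 22 (handshake), version 3.x, length <= 2^14,
        # and the first handshake message is a ClientHello (type 1).
        if (ctype == 22 and major == 3 and minor <= 4
                and 0 < length <= 16384 and payload[5] == 1):
            return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"  # not provably TLS, so it is still reported

def find_cleartext_flows(flows):
    """Return findings for flows to LRM endpoints that do not start with TLS."""
    findings = []
    for f in flows:
        if (f["dst_ip"], f["dst_port"]) not in LRM_ENDPOINTS:
            continue
        kind = classify_first_bytes(f["payload"])
        if kind == "tls":
            continue
        lowered = f["payload"].lower()
        findings.append({
            "src_ip": f["src_ip"],
            "protocol": kind,
            "credentials_visible": any(m in lowered for m in CRED_MARKERS),
        })
    return findings

# Constructed sample flows (first payload of each connection), not real captures.
SAMPLE_FLOWS = [
    {"src_ip": "10.0.5.31", "dst_ip": "10.0.5.20", "dst_port": 8080,
     "payload": bytes.fromhex("160301002f0100002b0303") + b"\x00" * 32},
    {"src_ip": "10.0.5.44", "dst_ip": "10.0.5.20", "dst_port": 8080,
     "payload": b"POST /login HTTP/1.1\r\nHost: lrm\r\n\r\nuser=ops&password=example"},
    {"src_ip": "10.0.5.45", "dst_ip": "10.0.5.20", "dst_port": 8080,
     "payload": b"\x01\x00\x00\x10LRMDATA"},
    {"src_ip": "10.0.5.46", "dst_ip": "10.0.9.9", "dst_port": 80,
     "payload": b"GET / HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    for finding in find_cleartext_flows(SAMPLE_FLOWS):
        print(finding)
```

After upgrading to 2.5 or higher, the same check over fresh captures should return no findings for the LRM endpoints.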
