Home Hacking News SWARCO Traffic Systems Vulnerability Could Allow Signal Hijacking
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

SWARCO Traffic Systems Vulnerability Could Allow Signal Hijacking

by Abeerah Hashim
written by Abeerah Hashim
SWARCO traffic systems vulnerability

A serious vulnerability existed in SWARCO Traffic Systems. Exploiting the vulnerability could allow an attacker to disrupt traffic signals.

SWARCO Traffic Systems Vulnerability

A researcher from the cybersecurity firm ProtectEM found a critical vulnerability affecting SWARCO Traffic Systems. The vulnerability, upon exploitation, could allow an attacker to disrupt traffic signals.

As stated in US-CERT advisory, the researcher Martin Aman found the vulnerability, CVE-2020-12493, in SWARCO’s CPU LS4000 traffic light controllers.

It was an improper access control flaw that achieved a CVSS base score of 10.0. Even a low-skilled attacker could easily exploit the bug and disrupt traffic controllers.

Though, exploiting the flaw required physical access to the target controllers. While that reduces the probability of the attack, in case of such an incident, the attacker could deactivate traffic lights causing huge traffic disruptions.

Describing the details of the flaw, the VDE-CERT stated,

An open port used for debugging grants root access to the device without access control via network.
A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.

Thankfully, no exploitation of the bug in the wild has been detected yet.

Patch Released

As revealed, the vulnerability affected the SWARCO CPU LS4000 with operating systems beginning with G4.

Following the researcher’s report, the vendors worked on a fix to address the flaw. While they have released the patch to fix the bug and close the port, users should make sure to update their systems.

Moreover, US-CERT also advises the users to mitigate the flaw via the following.

  • Ensure minimal network exposure of control systems isolating them from the internet.
  • Protect the control systems and devices via firewall and segregate them from the business network.
  • VPN must be used when remotely accessing the secured devices.

SWARCO is an established vendor of traffic control systems with headquarters in Germany and covering the European region.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses