SWARCO Traffic Systems Vulnerability Could Allow Signal Hijacking

  •  
  •  
  •  
  • 2
  •  
  •  
  •  
    2
    Shares

A serious vulnerability existed in SWARCO Traffic Systems. Exploiting the vulnerability could allow an attacker to disrupt traffic signals.

SWARCO Traffic Systems Vulnerability

A researcher from the cybersecurity firm ProtectEM found a critical vulnerability affecting SWARCO Traffic Systems. The vulnerability, upon exploitation, could allow an attacker to disrupt traffic signals.

As stated in US-CERT advisory, the researcher Martin Aman found the vulnerability, CVE-2020-12493, in SWARCO’s CPU LS4000 traffic light controllers.

It was an improper access control flaw that achieved a CVSS base score of 10.0. Even a low-skilled attacker could easily exploit the bug and disrupt traffic controllers.

Though, exploiting the flaw required physical access to the target controllers. While that reduces the probability of the attack, in case of such an incident, the attacker could deactivate traffic lights causing huge traffic disruptions.

Describing the details of the flaw, the VDE-CERT stated,

An open port used for debugging grants root access to the device without access control via network.
A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.

Thankfully, no exploitation of the bug in the wild has been detected yet.

Patch Released

As revealed, the vulnerability affected the SWARCO CPU LS4000 with operating systems beginning with G4.

Following the researcher’s report, the vendors worked on a fix to address the flaw. While they have released the patch to fix the bug and close the port, users should make sure to update their systems.

Moreover, US-CERT also advises the users to mitigate the flaw via the following.

  • Ensure minimal network exposure of control systems isolating them from the internet.
  • Protect the control systems and devices via firewall and segregate them from the business network.
  • VPN must be used when remotely accessing the secured devices.

SWARCO is an established vendor of traffic control systems with headquarters in Germany and covering the European region.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!