HomeBreaking Newshacking

Critical flaw could have allowed attackers to control traffic lights

A critical vulnerability in traffic light controllers manufactured by SWARCO could have been exploited by attackers to disrupt traffic lights. A criti

A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges
Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East
Coronavirus-themed campaign delivers a new variant of Netwalker Ransomware

A critical vulnerability in traffic light controllers manufactured by SWARCO could have been exploited by attackers to disrupt traffic lights.

A critical vulnerability in traffic light controllers designed by SWARCO could have been exploited by hackers to disrupt traffic lights.

SWARCO is the world’s largest manufacturer of signal heads and the number two internationally for reflective glass beads.

Researchers at ProtectEM discovered that SWARCO’s CPU LS4000 traffic light controllers have an open port designed for debugging that could be exploited by attackers.

The flaw, tracked as CVE-2020-12493, is an “improper access control” issue that could allow hackers to grant root access to the device without access control via network.

“An open port used for debugging grants root access to the device without access control via network.” reads the security advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The flaw could be exploited by low-skilled attackers, it was rated with a CVSS score of 10 and affects all OS versions starting with G4 SWARCO of CPU LS4000.

“An open port used for debugging grants root access to the device without access control via network.” reads the advisory published by the CERT-VDE

“A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.”

ProtectEM researchers reported the vulnerability to the vendor in July 2019, which released a patch in April.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Germany’s VDE CERT recently published advisories for the vulnerability.

The good news is that this family of systems is not exposed online and attackers need physical access to the targeted network to exploit the flaw.

An attacker that could achieve physical access to vulnerable controllers in a city could cause the caps by deactivating traffic lights simultaneously.

The researchers demonstrated how an attacker could control traffic lights and manipulated them to cause traffic accidents or traffic jams.

Pierluigi Paganini

(SecurityAffairs – traffic lights, cybersecurity)

Share this…
Share on Facebook

Facebook

Tweet about this on Twitter

Twitter

Share on LinkedIn

Linkedin

Share on Reddit

Reddit

Pin on Pinterest

Pinterest




COMMENTS

WORDPRESS: 0
%d bloggers like this:
Close Bitnami banner
Bitnami