SWARCO: Critical Vulnerability in CPU LS4000
A critical vulnerability was found in SWARCO TRAFFIC SYSTEMS CPU LS4000
VDE-2020-016 (2020-05-28 14:00 UTC+0100)
CVE Identifier
CVE-2020-12493
Affected Vendors
SWARCO TRAFFIC SYSTEMS
Affected Products
CPU LS4000: All OS versions starting with G4
Vulnerability Type
CWE-284 (Improper Access Control)
Summary
An open port used for debugging grants root access to the device over the network without any access control.
Impact
A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.
Solution
SWARCO TRAFFIC SYSTEMS released a patch to fix the vulnerability and close the port. Please contact your SWARCO TRAFFIC SYSTEMS contact person for further information.
Reported by
Martin Aman (ProtectEM) reported this vulnerability.
Coordinated by CERT@VDE.