Share: Email | Twitter

ID

VDE-2020-016

Published

2020-05-28 15:00 (CEST)

Last update

2022-03-01 11:07 (CET)

Vendor(s)

SWARCO TRAFFIC SYSTEMS GmbH

Product(s)

Article No° Product Name Affected Version(s)
CPU LS4000 G4*

Summary

An open port used for debugging grants root access to the device without access control via network.


Last Update:

June 26, 2020, 1:06 p.m.

Weakness

Improper Access Control  (CWE-284) 

Summary

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.


Impact

A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.

Solution

SWARCO TRAFFIC SYSTEMS released a patch to fix the vulnerability and close the port. Please contact your SWARCO TRAFFIC SYSTEMS contact person for further information.

Reported by

Martin Aman (ProtectEM) reported this vulnerability.
Coordinated by CERT@VDE.