Jon Gaines

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: An incorrect access control issue exists in the EEPROM component, allowing attackers to replace password hashes stored in the EEPROM with their own hashes. This leads to escalation of privileges to root. Recommendations: Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.2.0.829.23. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.8.0.1119.42. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 4.6.0.1211.28.

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) contain an unauthenticated EFI shell. This allows attackers to execute arbitrary code or escalate privileges during the boot process. Recommendations: Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 4.6.0.1211.28. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 3.8.0.1119.42. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 3.2.0.829.23.

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs) lack SPI Protected Range Registers (PRRs). This allows attackers with software running on the system to modify SPI flash in real-time. Recommendations: Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version with SPI Protected Range Registers (PRRs) implemented.

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9260 RSU LEO versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9260 RSU LEO software has the Android Debug Bridge (ADB) pre-installed and enabled by default. This allows unauthenticated root shell access to the cellular modem via the default `kapsch` user. The ADB is located at `/mnt/c3platpersistent/opt/platform-tools/adb`. Recommendations: Disable the Android Debug Bridge (ADB) on versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28. Restrict access to the `/mnt/c3platpersistent/opt/platform-tools/adb` directory. Change the default `kapsch` user password.

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs) lack secure password requirements for the BIOS Supervisor and User accounts. This allows attackers to bypass authentication through a bruteforce attack. Recommendations: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 3.2.0.829.23: Implement strong password policies for BIOS Supervisor and User accounts. Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 3.8.0.1119.42: Implement strong password policies for BIOS Supervisor and User accounts. Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) version 4.6.0.1211.28: Implement strong password policies for BIOS Supervisor and User accounts.

**Name of the Vulnerable Software and Affected Versions** Fossil version 2.18 **Description** The issue allows attackers to cause a denial of service, resulting in a daemon crash, by utilizing an XSS payload in a ticket. This happens because ticket data is stored in a temporary file, and the product fails to handle the file's absence properly after it has been flagged as malware by Windows Defender. **Recommendations** For Fossil version 2.18, consider updating to a newer version that addresses this issue, or as a temporary workaround, implement additional security measures to prevent XSS payloads in tickets.