PT-2020-13141 · Swarco · Swarco Cpu Ls4000 Series

Martin Aman · Published 2020-05-29 · Updated 2021-11-04 · CVE-2020-12493

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SWARCO CPU LS4000 Series versions starting with G4

Description: The issue concerns an open port used for debugging in the SWARCO CPU LS4000 Series, which grants root access to the device over the network without access control. A malicious user could exploit this to gain access to the device and disrupt the operation of connected devices. Researchers from the German company ProtectEM discovered this vulnerability, which could allow an attacker to control or disable traffic lights, for example by turning the green light on at an entire intersection simultaneously. Although there is no internet entry point, physical access to one device could provide access to the entire city's traffic light network.

Recommendations: For SWARCO CPU LS4000 Series versions starting with G4, consider disabling the debugging port as a temporary workaround until a patch is available. Restrict physical access to the devices to minimize the risk of exploitation.

Fix

Improper Access Control


Weakness Enumeration

Related Identifiers

CVE-2020-12493

Affected Products

Swarco Cpu Ls4000 Series