SWARCO CPU LS4000
Act Now | 10 | ICS-CERT ICSA-20-154-06 | Jun 2, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The SWARCO CPU LS4000 traffic signal controller contains an access control vulnerability (CWE-284) that allows unauthenticated network access to the device. Successful exploitation could allow an attacker to access the device and disrupt traffic signal operations or connected devices. The vulnerability affects all OS versions G4 and later.
What this means
What could happen
An attacker could gain access to the CPU LS4000 traffic control device and alter signal timings, phase sequencing, or disable traffic management, causing congestion, safety hazards, or emergency response delays.
Who's at risk
Traffic management personnel and transportation operators who rely on SWARCO CPU LS4000 traffic signal controllers. This affects any city or municipality using these controllers for intersections or signal coordination.
How it could be exploited
An attacker with network access sends unauthenticated requests to the CPU LS4000. The device accepts the requests without verifying credentials because its access controls are insufficient. The attacker gains command execution on the device and can modify traffic signal behavior or stop operations.
Prerequisites
- Network access to CPU LS4000 device
- No authentication required
- remotely exploitable
- no authentication required
- low complexity
- affects critical infrastructure (traffic management)
- high CVSS score (10.0)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
CPU LS4000: All OS | ≥ G4 | Fix available
Remediation & Mitigation
Do now
- HARDENING: Isolate CPU LS4000 devices behind firewalls and remove direct access from business network
- HARDENING: Ensure CPU LS4000 devices are not directly accessible from the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Apply firmware patch from SWARCO TRAFFIC SYSTEMS to close the network port and fix the vulnerability
Long-term hardening
- HARDENING: If remote access is required, implement secure VPN connections with current security updates
CVEs (1)