Econolite EOS (Update A)
Act Now · CVSS 9.8 · ICS-CERT ICSA-23-026-02 · Jan 26, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Econolite EOS versions prior to 3.2.23 contain inadequate access controls (CWE-284, CWE-328) that allow unauthenticated remote attackers to gain full administrative control over the traffic management system. The vulnerability enables manipulation of system settings, traffic signal timing, and operational parameters without any credentials or user interaction. EOS is a centralized traffic signal control and management platform used to coordinate traffic signals across municipalities and transportation networks.
What this means
What could happen
An attacker with network access to an EOS traffic management system could gain full administrative control, manipulate traffic signal timing or operation, or disrupt transportation safety systems without any authentication.
Who's at risk
Traffic management authorities and municipalities deploying Econolite EOS systems for signal control and coordination. This affects cities and traffic operations centers relying on EOS for intersection management, arterial coordination, and adaptive signal timing.
How it could be exploited
An attacker can connect directly to the EOS system over the network and execute arbitrary commands or access sensitive data due to missing or inadequate access controls. No credentials or special interaction is required, making this exploitable remotely from any network segment that can reach the EOS device.
Prerequisites
- Network connectivity to the EOS system on its service port
- No authentication credentials required
Tags: remotely exploitable · no authentication required · low complexity · critical severity (CVSS 9.8) · affects safety systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
EOS | < 3.2.23 | Fixed in 3.2.23
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to EOS systems by implementing firewall rules to limit connections to authorized engineering and management stations only; block all public internet access
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
HOTFIX: Update Econolite EOS to version 3.2.23 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate traffic management systems from general IT networks and untrusted networks
HARDENING: Monitor network traffic to EOS systems for unauthorized access attempts
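As an added example (not code from the advisory or from Econolite), the Python below turns the two checks a traffic operations team needs into runnable form: version triage against the 3.2.23 fix, and a review of connection records to EOS hosts against the engineering-station allowlist the workaround calls for. The EOS host addresses, the allowlist and the flow records are constructed; because the advisory does not name the EOS service port, the check matches on destination host rather than port.

```python
# Added example (not Econolite or advisory code): triage helpers for ICSA-23-026-02.
# Host addresses, the station allowlist and the flow records below are constructed.
import ipaddress
FIXED_VERSION = (3, 2, 23)  # first fixed release named in the advisory
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_version(text):
    """'3.2.19' -> (3, 2, 19); tolerates a trailing build tag such as '3.2.19b'."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def is_affected(version):
    """True when an EOS install is older than 3.2.23 and still needs the hotfix."""
    return parse_version(version) < FIXED_VERSION

def is_internal(ip):
    """Treat only RFC 1918 space as internal; everything else counts as public."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def audit_flows(flows, eos_hosts, allowed_stations):
    """Flag connections to EOS hosts that the firewall workaround should prevent.
    flows: (src_ip, dst_ip) pairs -> (severity, src, dst) tuples, 'critical' for
    public sources (internet exposure) and 'high' for internal non-station sources.
    """
    alerts = []
    for src, dst in flows:
        if dst not in eos_hosts or src in allowed_stations:
            continue
        alerts.append(("high" if is_internal(src) else "critical", src, dst))
    return alerts

# Constructed sample data: one EOS server and two authorized workstations.
EOS_HOSTS = {"10.50.1.10"}
ALLOWED_STATIONS = {"10.50.2.21", "10.50.2.22"}
SAMPLE_FLOWS = [
    ("10.50.2.21", "10.50.1.10"),   # authorized engineering station: fine
    ("10.20.7.44", "10.50.1.10"),   # corporate IT host: not an authorized station
    ("203.0.113.9", "10.50.1.10"),  # public source: internet exposure
    ("10.20.7.44", "10.50.1.99"),   # not an EOS host: ignored
]

if __name__ == "__main__":
    for host, ver in [("eos-tmc-01", "3.2.19"), ("eos-tmc-02", "3.2.23")]:
        print(f"{host} {ver}: {'AFFECTED' if is_affected(ver) else 'patched'}")
    for alert in audit_flows(SAMPLE_FLOWS, EOS_HOSTS, ALLOWED_STATIONS):
        print("ALERT", *alert)
```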
CVEs (2)