End-of-Train and Head-of-Train Remote Linking Protocol (Update C)
Plan Patch | 8.1 | ICS-CERT ICSA-25-191-10 | Jul 10, 2025
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The End-of-Train and Head-of-Train remote linking protocol (all versions) contains a vulnerability that allows an attacker on the local network to send unauthorized brake control commands to the device without authentication. Successful exploitation could cause sudden train stoppage or brake failure, disrupting rail operations. The vulnerability exists because the protocol does not authenticate or encrypt brake commands. No vendor patch is available; the industry (Association of American Railroads) is developing replacement equipment and protocols.
What this means
What could happen
An attacker with local network access to an End-of-Train or Head-of-Train device could send forged brake control commands, causing the train to stop suddenly or its brakes to fail, disrupting rail operations and risking safety.
Who's at risk
Rail operators and freight carriers using End-of-Train (EoT) or Head-of-Train (HoT) remote linking protocol devices from Wabtec, Siemens, or DPS Electronics. This affects train safety and operational continuity.
How it could be exploited
An attacker must be on the same local network (or wireless network) as the EoT/HoT device. They can craft and send brake control commands using the standard protocol without authentication. The device will execute the commands, triggering unwanted braking or brake failure.
Prerequisites
- Local network access to the EoT/HoT device (not remotely exploitable)
- No credentials or special configuration required
- Ability to send protocol-compliant messages on the same network segment
- No authentication required
- Low complexity to exploit
- No patch available (end-of-life equipment)
- Affects safety-critical operations
- Wireless protocol vulnerable on local network
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| End-of-Train and Head-of-Train remote linking protocol: vers:all/* | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation to isolate rail control devices from guest/business networks and the internet
- HARDENING: Deploy firewall rules to restrict traffic to EoT/HoT devices to only authorized rail operations equipment and personnel
- HARDENING: Disable wireless connectivity on EoT/HoT devices if not operationally required
- HARDENING: If remote access is necessary, implement a VPN with current security patches to access rail control networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor traffic to EoT/HoT devices for anomalous brake commands and unauthorized network access attempts
- HOTFIX: Contact device manufacturer (Wabtec, Siemens, DPS Electronics) to inquire about firmware updates or mitigations when available
CVEs (1)