Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking

A researcher has discovered two potentially serious vulnerabilities affecting Econolite traffic controllers. Exploitation of the security flaws can have serious real-world impact, but they remain unpatched. Cyber offensive researcher Rustam Amin informed the US Cybersecurity and Infrastructure Security Agency that he had identified critical and high-severity vulnerabilities in Econolite EOS, a traffic controller software developed for the Econolite Cobalt and other advanced transportation controllers. The California-based vendor's website says it has deployed more than 360 systems, 150,000 traffic cabinets, 120,000 traffic controllers, and over 160,000 sensors. In December 2022, the company reported reaching more than 10,000 installations of its EOS software. One, rated 'critical severity' and tracked as CVE-2023-0452, has been described by CISA as an issue related to the use of a weak algorithm for hashing privileged user credentials. "A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians," CISA said in its advisory. The second issue, tracked as CVE-2023-0452 and rated 'high severity', is an improper access control issue. An attacker can view log, database and configuration files that can contain username and password hashes for users, including administrators and technicians. These vulnerabilities can allow a remote, unauthenticated attacker to gain full control of traffic control functions. Amin has conducted an internet search to see how many EOS systems are exposed to attacks from the web. He told SecurityWeek that he identified roughly 50 exposed controllers that are running older firmware. These systems are not affected by the flaws he discovered, but they are still not secure. He discovered approximately 30 controllers running 2018-2020 versions of the EOS software and these systems are vulnerable to remote attacks. He also found roughly 500 instances of associated devices that can be found in the affected controllers' proximity, including routers and cameras, which have their own security issues. The researcher explained in a post on LinkedIn that the vulnerable devices are typically located on toll roads and in small cities and counties. While the exposed devices are not in major cities, they do appear to be near international airports, border crossings, shopping centers, universities and hospitals. A hacker who successfully exploits these vulnerabilities can control traffic lights, but the researcher pointed out that they cannot turn all the lights green, which would have a serious safety impact. "Still, an attacker can make it very hard to pass the controlled crossroad, making green very short, and red very long, or just green very long in one direction," the researcher explained. "An attacker can create VIP routes for runaway vehicles [and] slow down some targeted vehicles, like ones with valuable things. And much more. People will lose time, money and hopefully not their life." He added that once they have access to the controller, an attacker can also hack related equipment, such as sensors and cameras. The vendor has not responded to SecurityWeek's request for comment. CISA initially said in its advisory that Econolite had not responded to the agency's attempts to coordinate disclosure of the vulnerabilities. After Amin described the impact of his findings on LinkedIn, CISA updated its advisory to say that the company is working on patches. Until patches are released, Amin recommends disconnecting affected controllers from the internet, ensuring that controller cabinets are secure against physical attacks, isolating the networks housing controllers, installing firmware updates when available, and changing passwords and WLAN access codes. Amin told SecurityWeek that the Econolite EOS vulnerabilities were discovered as part of a bigger research project whose results will be made public in the upcoming period.

This Cyber News was published on www.securityweek.com. Publication date: Wed, 01 Feb 2023 12:46:03 +0000


Cyber News related to Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking

Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking - A researcher has discovered two potentially serious vulnerabilities affecting Econolite traffic controllers. Exploitation of the security flaws can have serious real-world impact, but they remain unpatched. Cyber offensive researcher Rustam Amin ...
1 year ago Securityweek.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Encouraging Ethical Hacking Skills in Students - This article delves into the significance of encouraging ethical hacking skills in students and the numerous benefits it offers to individuals and society as a whole. Possessing ethical hacking skills can provide students with a competitive advantage ...
1 year ago Securityzap.com
Hijacking Your Bandwidth How Proxyware Apps Open You Up to Risk - Is this true? To examine and understand the kind of risks a potential user might be exposed to by joining such programs, we recorded and analyzed network traffic from a large number of exit nodes of several different network bandwidth sharing ...
1 year ago Trendmicro.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
5 months ago Securityweek.com
Calling Home, Get Your Callbacks Through RBI - Following a brief introduction to the technology, we share our firsthand experiences when encountering RBI solutions and techniques the SpecterOps team have employed for establishing command and control to systems that proxy traffic through RBI ...
11 months ago Securityboulevard.com
"Do Not Push To Production" And Other Insecure Code, Demonstrated By An Ethical Hacker - Viewers got to see some interesting vulnerabilities and coding practices that made her demo app pretty open to exploits. A friend of mine published a book about it over 25 years ago, called The Happy Hacker. If you're hacking without permission, no ...
1 year ago Securityboulevard.com
Dutch hacker jailed for extortion, selling stolen data on RaidForums - A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide. The suspect, a 21-year-old man from Zandvoort named ...
1 year ago Bleepingcomputer.com
Update your white hat hacking skills with $70 off this training bundle - Ethical hacking is a useful skill set not just for cybersecurity experts, but for every IT worker. The Ultimate 2020 White Hat Hacker Certification Bundle provides 10 detailed courses to get you up to speed on using hacking skills for positive ends. ...
11 months ago Bleepingcomputer.com
CVE-2021-20586 - Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of ...
2 years ago
Understanding Mobile Network Hacking: Risks, Methods, and Safeguarding Measures - In an era dominated by mobile connectivity, the security of mobile networks has become a critical concern. Mobile network hacking refers to unauthorized access and manipulation of mobile communication systems, posing significant risks to individuals ...
1 year ago Cybersecurity-insiders.com
Kasada Embraces Machine Learning to Reduce Bot Traffic - Kasada has updated its bot defense platform to add hundreds of sensors and machine learning algorithms that detect, in real-time, code that might otherwise bypass legacy approaches to detecting machine-generated traffic rather than that generated by ...
11 months ago Securityboulevard.com
Insights into your unpatched vulnerabilities - Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world. In the 100 most prevalent unpatched vulnerabilities, the majority are found in software by Adobe, Zoom, and Mozilla. One critical vulnerability was ...
1 year ago Malwarebytes.com
CISA: Russian hackers target TeamCity servers since September - CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023. APT29 is ...
1 year ago Bleepingcomputer.com
Syrian Threat Group Peddles Destructive SilverRAT - The group behind a sophisticated remote access Trojan, SilverRAT, has links to both Turkey and Syria and plans to release an updated version of the tool to allow control over compromised Windows systems and Android devices. According to a threat ...
11 months ago Darkreading.com
Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
10 months ago Apnews.com
Learn Cybersecurity Skills From Scratch for Just $30 Through January 1 - Save on tech services or switch to a lucrative new tech career in 2024 by training at your own pace to develop high-demand cybersecurity skills. On sale from 12/26 through 1/1. We may be compensated by vendors who appear on this page through methods ...
11 months ago Techrepublic.com
Hackers from North Korea Aimed at Medical and Energy Industries - The North Korean Lazarus hacking group has been identified as the perpetrator of a recent cyber espionage operation known as No Pineapple!. This designation highlights the group's malicious activities and its ability to carry out sophisticated ...
1 year ago Cybersecuritynews.com
Why Bot Management Should Be a Crucial Element of Your Marketing Strategy - Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and ...
7 months ago Imperva.com
Grab 9 Ethical Hacking Courses for $25 and Improve Your Business Security - TL;DR: If you want to improve your knowledge of cybersecurity, The All-in-One Ethical Hacking & Penetration Testing Bundle is available for $24.97. Cybersecurity is a growing industry, projected to be worth $424.97 billion by 2030. Even if you don't ...
11 months ago Techrepublic.com
Vulnerability in Critical Cellular Devices Could Allow Snooping on Telecom Networks - A researcher has discovered a critical vulnerability in Baicells Technologies' wireless communication base stations that can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic. Baicells ...
1 year ago Securityweek.com
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
10 months ago Darkreading.com
DNS Tunneling Abuse Expands to Tracking & Scanning Victims - Attackers are taking malicious manipulation of DNS traffic to the next level, abusing DNS tunneling to scan a victim's network infrastructure as well as track victims' online behavior. Researchers from Palo Alto Networks' Unit 42 have identified ...
7 months ago Darkreading.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)