SWARCO: Critical Vulnerability in CPU LS4000

VDE-2020-016

Last update

05/28/2020 15:00

Published at

05/28/2020 15:00

Vendor(s)

SWARCO TRAFFIC SYSTEMS GmbH

External ID

VDE-2020-016

CSAF Document

Download

Summary

An open port used for debugging grants root access to the device without access control via network.

Impact

A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.

Affected Product(s)

Model no.	Product name	Affected versions
	SWARCO Hardware CPU LS4000	Firmware G4*

Vulnerabilities

Expand / Collapse all

Published

09/22/2025 14:58

Severity

10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness

Improper Access Control (CWE-284)

Summary

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices.

References

cve.org | nvd.nist.gov

Remediation

SWARCO TRAFFIC SYSTEMS released a patch to fix the vulnerability and close the port. Please contact your SWARCO TRAFFIC SYSTEMS contact person for further information.

Revision History

Version	Date	Summary
1	05/28/2020 15:00	Initial revision.

SWARCO: Critical Vulnerability in CPU LS4000

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2020-12493 10

Remediation

Revision History