Security patch implemented for CPU of LS4000 traffic controller

As a manufacturer of traffic control equipment SWARCO has been working successfully for decades in the sector of critical infrastructures where strict security standards apply.

In the course of regular product vulnerability checks, a safety gap concerning the CPU of our traffic controller type LS 4000 was identified. The finding was that there was an open QNX Debug port allowing unauthorised root access to the CPU.

Already in February this year, the SWARCO experts took immediate action to remedy the problem by providing customers of the concerned equipment for intersection control with a security patch to close the port and update the firmware version of the traffic controller. SWARCO service technicians carry out the update within the framework of maintenance contracts in place with operators of critical infrastructures. The execution of the corresponding script takes maximum three minutes and can be done directly at the controller or remotely without having to interrupt operation.

It is important to note that the controllers are generally not operated in publicly accessible networks, so the vulnerability risk has been very low. At no time the safe function of traffic lights controlled by the LS4000, and with this the safe function of traffic flows at the corresponding intersections, was compromised.

More detailed information on this topic can be obtained from

D-72669 Unterensingen
Mr. Michael Mohos