Highway Sign Software Vulnerability

Thursday, June 5, 2014 @ 11:06 AM gHale


There is a report of a hardcoded password vulnerability affecting Daktronics Vanguard highway notification sign configuration software, according to a report on ICS-CERT.

The remotely exploitable vulnerability is a hardcoded password that could allow unauthorized access to the highway sign. This report came to ICS-CERT via the Federal Highway Administration.

RELATED STORIES
COPA-DATA Improper Input Validation
Triangle MicroWorks Fixes DoS Hole
Cogent Fixes 3 DataHub Vulnerabilities
Siemens Updates ROS Vulnerability

ICS-CERT informed the affected vendor and asked to confirm the vulnerability and identify mitigations. ICS-CERT issued a report to provide early notice and identify baseline mitigations for reducing risks to these and other cyber security attacks.

Proof of Concept is publicly available. ICS-CERT recommends entities to review sign messaging, update access credentials, and harden communication paths to the signs.

ICS-CERT is currently coordinating with the vendor and researcher to identify mitigations.



Leave a Reply

You must be logged in to post a comment.