End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication

The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting operations or potentially overwhelming the brake systems.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-1390

AAR End-of-Train and Head-of-Train remote linking protocol 安全漏洞

AAR End-of-Train and Head-of-Train remote linking protocol是美国AAR公司的一个火车控制协议。 AAR End-of-Train and Head-of-Train remote linking protocol存在安全漏洞，该漏洞源于远程链接协议依赖BCH校验和，可能导致制动控制命令被恶意执行。

N/A

N/A