20-year-old Vulnerability in Radio Remote Linking Protocol Let Hackers Control Train Brakes

CISA has issued a critical advisory warning about a severe vulnerability in railway communication systems that could allow attackers to control train brakes remotely. 

The vulnerability, assigned CVE-2025-1727, affects End-of-Train and Head-of-Train remote linking protocols used across the United States transportation infrastructure.

Key Takeaways
1. CVE-2025-1727 affects all End-of-Train/Head-of-Train protocols and carries a CVSS v4 score of 7.2.
2. Weak BCH checksum authentication allows attackers to use software-defined radio to forge brake control packets.
3. Successful exploitation enables unauthorized brake commands, causing sudden train stops or brake failures.
4. Mitigation includes network isolation, firewall protection, secure VPN access, and manufacturer coordination for protocol updates.

FRED Protocol Vulnerability

The vulnerability, categorized under CWE-1390 for weak authentication, has been assigned a CVSS v4 base score of 7.2 and a CVSS v3 score of 8.1, indicating high severity. 

The CVSS v4 vector string (AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H) shows that the attack requires adjacent network access, has low attack complexity, and requires no privileges.

The vulnerability affects all versions of the End-of-Train and Head-of-Train remote linking protocol, commonly known as FRED (Flashing Rear End Device). 

This protocol is maintained by the Association of American Railroads (AAR) Railroad Electronics Standards Committee (RESC) and is used by multiple manufacturers, including Hitachi Rail STS USA, Wabtec, and Siemens.

Technical details reveal that the security flaw stems from the protocol’s reliance on a BCH checksum for packet creation and authentication. 

Researchers Neil Smith and Eric Reuter discovered that attackers can exploit this weakness using software-defined radio (SDR) technology to create malicious End-of-Train (EoT) and Head-of-Train (HoT) packets.
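
Why a checksum cannot stand in for authentication, shown as an added example that is not part of the original article or of the AAR protocol: a BCH parity is computed without any secret, so a receiver that checks only the parity accepts every well-formed frame, while a keyed MAC with a counter rejects frames from a sender without the key and rejects replays. The textbook BCH(15,7) generator, the 7-bit payload, the keys and the frame layout are constructed for illustration and are not the EoT/HoT parameters.

```python
import hashlib
import hmac

# Textbook BCH(15,7) generator x^8+x^7+x^6+x^4+1. Illustrative only:
# this is NOT the EoT/HoT parameter set, and the 7-bit payload is constructed.
BCH_GEN = 0b111010001
PARITY_BITS = 8

def bch_parity(payload: int) -> int:
    """Remainder of payload(x) * x^8 divided by the generator over GF(2)."""
    reg = (payload & 0x7F) << PARITY_BITS
    for bit in range(14, PARITY_BITS - 1, -1):
        if reg & (1 << bit):
            reg ^= BCH_GEN << (bit - PARITY_BITS)
    return reg

def checksum_accepts(payload: int, parity: int) -> bool:
    """Receiver that trusts any frame with matching parity; no secret is involved."""
    return bch_parity(payload) == parity

def mac_tag(key: bytes, counter: int, payload: int) -> bytes:
    """Keyed tag over counter + payload (hypothetical layout, truncated to 8 bytes)."""
    msg = counter.to_bytes(4, "big") + bytes([payload & 0x7F])
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class MacReceiver:
    """Accepts a frame only if the tag verifies and the counter moves forward."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accepts(self, counter: int, payload: int, tag: bytes) -> bool:
        if counter <= self.last_counter:
            return False  # replayed or stale frame
        if not hmac.compare_digest(mac_tag(self.key, counter, payload), tag):
            return False  # sender does not hold the shared key
        self.last_counter = counter
        return True

if __name__ == "__main__":
    payload = 0b1010011  # constructed sample value
    parity = bch_parity(payload)
    print("noise detected:", not checksum_accepts(payload ^ 0b100, parity))
    print("keyless frame accepted by checksum receiver:", checksum_accepts(payload, parity))
    rx = MacReceiver(b"constructed-demo-key")
    print("keyless frame accepted by MAC receiver:",
          rx.accepts(1, payload, mac_tag(b"some-other-key", 1, payload)))
```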

Successful exploitation could allow attackers to send unauthorized brake control commands to end-of-train devices, potentially causing sudden train stoppages that disrupt operations or induce brake system failures. 

The vulnerability operates over radio frequency (RF) communications, making it particularly concerning for railway infrastructure security.

The alert classifies this as an Industrial Control System vulnerability with low attack complexity but significant potential impact on transportation systems operations.

Risk Factors | Details
Affected Products | End-of-Train and Head-of-Train remote linking protocol (All versions)
Impact | Attackers can send unauthorized brake control commands to end-of-train devices, causing sudden train stoppages or brake system failures
Exploit Prerequisites | Adjacent network access, Software-defined radio capability, Low attack complexity, No privileges required
CVSS 3.1 Score | 8.1 (High)

Mitigations

CISA recommends several defensive measures to minimize exploitation risks. Organizations should ensure control system devices are not accessible from the internet, implement proper network segmentation with firewalls, and use secure remote access methods like Virtual Private Networks (VPNs).

The Association of American Railroads is actively pursuing new equipment and protocols to replace traditional End-of-Train and Head-of-Train devices. 

Standards committees are investigating mitigating solutions, with manufacturers being advised to contact their device suppliers for specific guidance.

CISA emphasizes that no known public exploitation targeting this vulnerability has been reported, and the vulnerability is not remotely exploitable. 

However, the agency encourages organizations to implement recommended cybersecurity strategies for the proactive defense of Industrial Control Systems (ICS) assets and report any suspected malicious activity through established procedures.

The post 20-year-old Vulnerability in Radio Remote Linking Protocol Let Hackers Control Train Brakes appeared first on Cyber Security News.

rssfeeds-admin
