Safety & Security

Frauscher PSIRT

We at Frauscher stand for safety in rail transport and individual solutions for our customers. That is why we have introduced a process for security-relevant topics, which helps us to react as quickly as possible to potential security risks. We follow a comprehensive approach to securing our products, services and individual solutions.

For this purpose, we have established our Product Security Incident Response Team (PSIRT). You can reach our experts via the contact options listed at the bottom of the page.


How does it work?

Reporting

When you report a potential security risk to our experts, you will receive a confirmation from our Product Security Incident Response Team after a careful review.

Expert analysis

The potential risk will be analysed closely by our experts. If desired, you will receive regular status reports on the progress of the analysis.

Implementation

In this step, any necessary immediate measures are implemented, and long-term measures are planned.

Publication

The results and measures are published on this page.

Security advisory

Publication Date: 11.12.2023

CVE-ID: CVE-2023-5500 
CVSS v3.1 Base Score: 8.8 
CVSS Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-ID: CWE-94

Summary
Frauscher Sensortechnik GmbH FDS102 for FAdC/FAdCi v2.10.1 contains a remote code execution (RCE) vulnerability that can be triggered via manipulated parameters of the web interface using an authenticated session cookie. This could lead to a full compromise of the FDS102 device.

Affected versions
FDS102 v2.10.0 and v2.10.1

Mitigation
Security-related application conditions (SecRAC):
The railway operator must ensure that only authorised personnel, or persons accompanied by authorised personnel, have access to the Frauscher Diagnostic System FDS102.
The recommendation is to connect the Frauscher Diagnostic System FDS102 to a network of category 2. If the Frauscher Diagnostic System FDS102 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.

Remediation
Update to FDS102 v2.10.2 or higher

Contact Frauscher PSIRT

You can contact our experts directly with all security-related questions and comments about our products and solutions. You are also welcome to report potential security risks or problems via this channel. Our experts will get back to you as soon as possible.