CVE-2025-1727
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-07-15

Assigner: ICS-CERT

Description
The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting operations or potentially overwhelming the brake systems.
Meta Information
Published: 2025-07-10
Last Modified: 2025-07-15
Generated: 2026-05-07
AI Q&A: 2025-07-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-1390
Description: The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the protocol used for remote linking over RF for End-of-Train (EoT) and Head-of-Train (HoT) devices, which relies on a BCH checksum for packet creation. An attacker can use a software defined radio to create EoT and HoT packets and issue unauthorized brake control commands to the EoT device, potentially disrupting train operations or overwhelming the brake systems.


How can this vulnerability impact me?

The vulnerability can impact you by allowing an attacker to disrupt train operations through unauthorized brake control commands. This could lead to operational disruptions or potentially overwhelm the brake systems, posing safety risks and operational challenges.

