When the MAJ Rail device receives a specially crafted SNMP trap packet with a community string longer than 256 bytes, the snmp_handler function writes past the stack buffer. This overflow reliably triggers a reverse shell on port 4444/tcp. The “new crack” automates this with a single Python script.
The certifying authority (ISA Secure) has released an emergency directive. No automatic updates exist as of this writing; manual intervention is required. maj rail new crack
For surface-breaking MAJ new cracks (those just emerging from the head-web fillet), ECA offers unmatched sensitivity. The latest portable arrays from Olympus and Eddyfi can detect cracks as shallow as 0.05mm deep. Importantly, ECA differentiates between harmless surface scratches and genuine “new cracks” via phase analysis. When the MAJ Rail device receives a specially
Before dissecting the crack, we must define the target. MAJ Rail (Mitsubishi-Alstom-Joint Rail) is a legacy communication protocol stack and hardware suite used in over 40% of metro systems across Southeast Asia, Eastern Europe, and select U.S. light rail lines. Initially deployed in the early 2010s, MAJ Rail handles: MAJ Rail handles:
The system was designed for air-gapped operational technology (OT) networks. However, with the push for intelligent transportation systems (ITS), many agencies have bridged MAJ Rail nodes to corporate IT networks—creating exactly the attack surface the new crack exploits.