University of Michigan was given permission and was able to hack traffic light systems
And the traffic lights had unencrypted wireless communications, default passwords and a port on the system that is easy to attack.
The MIT paper link
Unfortunately this manufacturer did not pay too much attention to security.
This is also not necessarily the fault of the manufacturer (default passwords) as some aspects need to be set up by the engineering firm that was paid to set up the traffic lights.
Sure the manufacturer could set up encrypted communications, and not leave ports open to attack, but the password should be changed.
Apparently the cities and engineering firms are not concerned since it has not happened yet. (where a traffic light has been hacked for nefarious uses (and surely it will not).
Part of the problem is that since this is a security issue, everything becomes confidential and nothing gets fixed as far as we know.
It is not obvious who the manufacturer is, although a look at the picture:
Like this SP-300: