0-day flaws in Automated Tank Gauge systems threaten critical infrastructure.

Researchers at BitSight TRACE found multiple 0-day vulnerabilities in ATG systems used to manage fuel storage tanks, posing risks to public safety and economic stability. These flaws could lead to physical damage, environmental hazards, and financial loss.

0-day flaws in Automated Tank Gauge systems

Automatic Tank Gauging (ATG) systems monitor and record fuel levels, volume, and temperature in storage tanks. These systems are essential for gas stations, military bases, airports, hospitals, and power plants, ensuring environmental compliance and efficient inventory management.

However, due to their internet connectivity, ATG systems are at risk of cyberattacks, making them potential targets for malicious actors who could disrupt critical infrastructure or cause environmental and economic damage. This vulnerability highlights the need for stronger security measures in these crucial systems.

All about the Vulnerability

BitSight TRACE discovered 11 critical vulnerabilities in ATG systems, including OS command injection, authentication bypasses, hardcoded credentials, and SQL injection. These flaws grant attackers full administrative control. Each vulnerability has a CVE identifier and a high CVSS score, underscoring its severity.

| Product | Vulnerability Type | CVE | CVSS 3.1 Score |
|---|---|---|---|
| Maglink LX | OS Command Injection | CVE-2024-45066 | 10.0 |
| Maglink LX | OS Command Injection | CVE-2024-43693 | 10.0 |
| Maglink LX4 | Hardcoded Credentials | CVE-2024-43423 | 9.8 |
| OPW SiteSentinel | Authentication Bypass | CVE-2024-8310 | 9.8 |
| Proteus® OEL8000 | Authentication Bypass | CVE-2024-6981 | 9.8 |
| Maglink LX | Authentication Bypass | CVE-2024-43692 | 9.8 |
| Alisonic Sibylla | SQL Injection | CVE-2024-8630 | 9.4 |
| Maglink LX | XSS | CVE-2024-41725 | 8.8 |
| Maglink LX4 | Privilege Escalation | CVE-2024-45373 | 8.8 |
| Franklin TS-550 | Arbitrary File Read | CVE-2024-8497 | 7.5 |

Exploiting these vulnerabilities can lead to severe outcomes:

  • Denial of Service (DoS): Attackers can disable ATG systems by altering settings or firmware.
  • Physical Damage: Manipulating tank parameters could cause fuel leaks or disable alarms.
  • Data Theft: Sensitive data may be stolen and sold.
  • Network Intrusion: ATG systems could become gateways for further attacks.

These risks highlight the need for stronger security to protect these systems.

Mitigation

BitSight worked with CISA and vendors to address ATG vulnerabilities over six months. CISA has issued advisories to help secure systems. Organizations should disconnect ATGs from the internet and prioritize cybersecurity to prevent potential attacks.

September 26th, 2024 (2024-09-26T19:40:20+05:30)

About the Author:

FirstHackersNews- Identifies Security
