Multiple 0-Day Flaws in Automated Tank Gauge Systems Threaten Critical Infrastructure

Cybersecurity researchers from BitSight TRACE have uncovered multiple 0-day vulnerabilities in Automated Tank Gauge (ATG) systems, which are integral to managing fuel storage tanks across various critical infrastructures.

These vulnerabilities in six ATG systems from five vendors pose significant threats to public safety and economic stability.

The flaws could potentially be exploited by malicious actors to cause physical damage, environmental hazards, and economic losses.

The Role of ATG Systems in Critical Infrastructure

Automatic Tank Gauging (ATG) systems are designed to automatically measure and record product level, volume, and temperature in storage tanks.

These systems are used in gas stations and are prevalent in military bases, hospitals, airports, emergency services, and power plants.

They are crucial in ensuring compliance with environmental regulations and optimizing inventory management. However, their exposure to the internet makes them vulnerable targets for cyberattacks.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration

Details of the Vulnerabilities

The investigation by BitSight TRACE identified 11 vulnerabilities across several ATG models. These include OS command injection, authentication bypasses, hardcoded credentials, and SQL injection vulnerabilities.

Each flaw allows attackers to gain full administrative control over the ATG systems.

The vulnerabilities have been assigned CVE identifiers with critical CVSS scores, highlighting their severity: here is a summary of the CVE table data related to the vulnerabilities found in Automated Tank Gauge (ATG) systems:

Product	Vulnerability Type	CVE	CVSS 3.1 Score
Maglink LX	OS Command Injection	CVE-2024-45066	10.0
Maglink LX	OS Command Injection	CVE-2024-43693	10.0
Maglink LX4	Hardcoded Credentials	CVE-2024-43423	9.8
OPW SiteSentinel	Authentication Bypass	CVE-2024-8310	9.8
Proteus® OEL8000	Authentication Bypass	CVE-2024-6981	9.8
Maglink LX	Authentication Bypass	CVE-2024-43692	9.8
Alisonic Sibylla	SQL Injection	CVE-2024-8630	9.4
Maglink LX	XSS	CVE-2024-41725	8.8
Maglink LX4	Privilege Escalation	CVE-2024-45373	8.8
Franklin TS-550	Arbitrary File Read	CVE-2024-8497	7.5

These security flaws reflect fundamental design issues that should have been addressed long ago.

The exploitation of these vulnerabilities could lead to severe consequences:

1. Denial of Service (DoS): Attackers could disable ATG systems by reconfiguring settings or flashing faulty firmware.
2. Physical Damage: By altering critical parameters such as tank geometry and capacity, attackers could cause fuel leaks or disable alarms.
3. Data Theft: Sensitive operational data could be captured and sold to third parties.
4. Network Intrusion: Vulnerable ATG systems could serve as entry points for further attacks on internal networks.

These scenarios underscore the urgent need for enhanced security measures to protect these systems from exploitation.

Coordinated Efforts for Mitigation

BitSight has been working closely with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to mitigate these vulnerabilities through responsible disclosure.

They have collaborated with affected vendors for six months to develop remediation strategies.

CISA has published advisories to guide organizations in securing their ATG systems against potential attacks.

The discovery of these vulnerabilities highlights the critical need for improved cybersecurity practices in industrial control systems like ATGs.

These systems are integral to national infrastructure, so their security must be prioritized to prevent potential disasters. Organizations are urged to disconnect ATGs from the internet and implement robust security measures to safeguard against future threats.

Image of an Automated Tank Gauge SystemAs the industry moves towards a “secure by design” philosophy, it is imperative that manufacturers and operators work together to address these vulnerabilities and protect critical infrastructure from cyber threats. 

Analyse AnySuspicious Links Using ANY.RUN's New Safe Browsing Tool: Try It for Free