Multiple critical security vulnerabilities have been identified in six different Automatic Tank Gauge (ATG) systems from five manufacturers [1] [2] [3], posing significant risks of remote attacks that could lead to physical damage, environmental hazards, and economic losses [1] [2] [3].
Description
Thousands of ATGs are connected to the internet [1] [2] [3], making them attractive targets for malicious actors looking to exploit these vulnerabilities. The vulnerabilities impact six ATG models [1] [2] [3], with eight flaws rated as critical [1] [2] [3], granting full administrator privileges and, in some cases, access to the operating system [1] [2]. Exploiting these vulnerabilities could result in denial-of-service attacks and physical harm to the devices [3]. Additionally, security flaws have been found in the OpenPLC solution and the Riello NetMan 204 network communications card [3], allowing for remote code execution and control over UPS systems [3]. The AJCloud IP camera management platform also contains critical vulnerabilities that could expose sensitive user data and provide attackers with full remote control of connected cameras [3]. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about the heightened threats to internet-accessible operational technology (OT) and industrial control systems (ICS) devices [3], highlighting the importance of securing these systems to prevent potential harm [3].
Conclusion
The disclosure of these vulnerabilities underscores the urgent need for enhanced security measures to protect ATGs and other internet-connected devices from remote attacks. Mitigating these risks requires immediate action to address the identified flaws and implement robust security protocols. Failure to secure these systems could result in severe consequences, including physical damage, environmental hazards, and economic losses [1] [2] [3]. As threats to OT and ICS devices continue to evolve, organizations must prioritize cybersecurity to safeguard critical infrastructure and prevent potential harm.
References
[1] https://owasp.or.id/2024/09/30/critical-flaws-in-tank-gauge-systems-expose-gas-stations-to-remote-attacks/
[2] https://patabook.com/technology/2024/09/30/critical-flaws-in-tank-gauge-systems-expose-gas-stations-to-remote-attacks/
[3] https://thehackernews.com/2024/09/critical-flaws-in-tank-gauge-systems.html