Several severe security vulnerabilities were recently revealed in six different Automatic Tank Gauge (ATG) systems from five manufacturers, potentially opening these systems to dangerous remote attacks. According to Pedro Umbelino, a researcher at Bitsight, these vulnerabilities pose serious real-world threats, enabling malicious actors to cause significant harm such as physical damage, environmental risks, and economic losses.
“These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," said Umbelino in a report published last week.
Worryingly, the analysis identified thousands of exposed ATGs on the internet, increasing their attractiveness as targets for malicious actors aiming to disrupt critical infrastructure, such as gas stations, hospitals, airports, and military bases.
What Are ATGs?
ATGs are sensor systems designed to monitor the contents of storage tanks—commonly fuel tanks—to check for leakage and other important metrics. Unfortunately, any exploitation of security flaws within these systems could lead to serious consequences, such as denial-of-service (DoS) attacks and physical damage to critical equipment.
Details of the Vulnerabilities
The report found a total of 11 newly discovered vulnerabilities affecting six ATG models: Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550. Of these vulnerabilities, eight were classified as critical in severity, including:
These vulnerabilities grant attackers full administrative privileges over the devices and, in some cases, access to the operating system. As Pedro Umbelino warns, "The most damaging attack is making the devices run in a way that might cause physical damage to their components or components connected to it."
Additional Vulnerabilities in OpenPLC, Riello NetMan 204, and AJCloud
Researchers also uncovered critical security flaws in other systems. In the open-source OpenPLC solution, a stack-based buffer overflow vulnerability (CVE-2024-34026, CVSS score: 9.0) was discovered, which could be exploited for remote code execution.
A different set of vulnerabilities was found in Riello NetMan 204, a network communication card used in Uninterruptible Power Supply (UPS) systems. These vulnerabilities, such as CVE-2024-8877 (SQL injection) and CVE-2024-8878 (Unauthenticated password reset), could allow attackers to take control of UPS systems and tamper with logs.
Further security concerns were identified in AJCloud’s IP camera management platform, which could allow attackers to disable cameras or execute remote code.
CISA's Warning on OT/ICS Attacks
As security concerns grow, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) continues to emphasize the growing threats against operational technology (OT) and industrial control systems (ICS) exposed to the internet.
"Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm," CISA warned.
The agency highlights recent cyberattacks targeting critical infrastructure, such as programmable logic controllers (PLCs) and other exposed OT systems.
Addressing Remote Access Risks
Claroty, an industrial cybersecurity company, also raised concerns over the increasing deployment of remote access tools in OT environments. These tools create security and operational risks, with 55% of organizations deploying four or more remote access solutions.
Claroty advises engineers and asset managers to minimize the use of low-security remote access tools, especially those with vulnerabilities or lacking critical security features such as multi-factor authentication (MFA).
October 01, 2024
October 01, 2024
October 01, 2024
September 20, 2024
September 06, 2024
September 04, 2024
© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067
