Multiple critical vulnerabilities reported in Automatic Tank Gauge systems used in fuel storage tanks
Take action: If your organization uses fuel tanks, check for the Automatic Tank Gauge (ATG) system, and the advisory. If you are using ATG, make sure they are not accessible from the internet - preferably isolated only to a trusted network. Then plan to patch them. If the devices are end-of-life, make sure they are isolated and consider their replacement for next year's budget.
Learn More
A series of critical vulnerabilities have been discovered in the Automatic Tank Gauge (ATG) systems used in fuel storage tanks, which are integral to monitoring fuel levels and detecting leaks in locations such as petrol stations, military bases, airports, hospitals, and power plants.
These vulnerabilities, identified by researchers at Bitsight TRACE, affect systems from five different vendors. Despite repeated warnings, thousands of ATG systems remain accessible over the Internet, making them prime targets for cyberattacks with potentially severe physical, environmental, and economic impacts.
If these vulnerabilities are exploited, attackers could perform a range of damaging actions, including:
- Changing tank settings, falsely increasing capacity to cause overflows and environmental spills.
- Disabling alarms, which would prevent operators from detecting when a tank is full, increasing the chance of dangerous fuel leaks.
- Capturing sensitive corporate data through insecure Telnet connections and selling this information to third parties.
- Shutting down networking services by modifying IP card settings, disrupting essential services such as those in hospitals or power plants.
- Physically damaging components, such as forcing relays to operate at high speeds, potentially causing failures in critical connected systems like ventilation or emergency valves.
- Coordinating physical attacks, using gathered data on fuel levels to plan kinetic attacks, such as bombing a location to cause maximum damage.
Bitsight identified 10 vulnerabilities across several vendors:
| PRODUCT | VULNERABILITY TYPE | CVE | CVSS score |
|---|---|---|---|
| Maglink LX | OS Command Injection | CVE-2024-45066 | 10.0 |
| Maglink LX | OS Command Injection | CVE-2024-43693 | 10.0 |
| Maglink LX4 | Hardcoded credentials | CVE-2024-43423 | 9.8 |
| OPW SiteSentinel | Authentication Bypass | CVE-2024-8310 | 9.8 |
| Proteus® OEL8000 | Authentication Bypass | CVE-2024-6981 | 9.8 |
| Maglink LX | Authentication Bypass | CVE-2024-43692 | 9.8 |
| Alisonic Sibylla | SQL Injection | CVE-2024-8630 | 9.4 |
| Maglink LX | XSS | CVE-2024-41725 | 8.8 |
| Maglink LX4 | Privilege Escalation | CVE-2024-45373 | 8.8 |
| Franklin TS-550 | Arbitrary File Read | CVE-2024-8497 | 7.5 |
Several of these vulnerabilities allow attackers to gain full administrative control over the devices. While some of these vulnerabilities have been addressed with patches, three remain without fixes, particularly affecting OPW's SiteSentinel and OMNTEC's Proteus OEL8000 systems. These unfixed vulnerabilities include:
- CVE-2024-8310 (9.8 CVSS), which affects OPW's SiteSentinel system.
- CVE-2024-6981 (9.8 CVSS), which impacts OMNTEC's Proteus OEL8000.
CISA and Bitsight recommend several mitigation strategies, including:
- Upgrading vulnerable devices to the most recent software versions if patches are available.
- Placing ATG systems behind firewalls and isolating them from business networks.
- Ensuring that these systems are not accessible from the public internet. If remote access is necessary, organizations should use a secure VPN.
- For devices that cannot be patched or are end-of-life, such as OPW’s SiteSentinel, users are advised to remove them from the Internet entirely.
