Critical Vulnerabilities in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Six different Automatic Tank Gauge (ATG) systems from five manufacturers have been found to have critical security vulnerabilities, exposing them to potential remote attacks.

"These vulnerabilities pose serious risks, as they could be exploited by malicious actors to cause widespread damage, including physical harm, environmental hazards, and economic losses," said Pedro Umbelino, a researcher at Bitsight, in a report published last week.

The analysis revealed that thousands of ATGs are accessible via the internet, making them attractive targets for cyberattacks aimed at disrupting gas stations, hospitals, airports, military bases, and other critical infrastructure.

ATGs are sensor systems that monitor the level of storage tanks, such as fuel tanks, to detect leaks and track other parameters. Exploiting security flaws in these systems could lead to severe consequences such as denial-of-service (DoS) and physical damage.

The 11 newly discovered vulnerabilities affect six ATG models: Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550.

Eight of the 11 flaws are rated critical in severity. The full list is as follows:

  • CVE-2024-45066 (CVSS score: 10.0) - OS command injection in Maglink LX
  • CVE-2024-43693 (CVSS score: 10.0) - OS command injection in Maglink LX
  • CVE-2024-43423 (CVSS score: 9.8) - Hard-coded credentials in Maglink LX4
  • CVE-2024-8310 (CVSS score: 9.8) - Authentication bypass in OPW SiteSentinel
  • CVE-2024-6981 (CVSS score: 9.8) - Authentication bypass in Proteus OEL8000
  • CVE-2024-43692 (CVSS score: 9.8) - Authentication bypass in Maglink LX
  • CVE-2024-8630 (CVSS score: 9.4) - SQL injection in Alisonic Sibylla
  • CVE-2023-41256 (CVSS score: 9.1) - Authentication bypass in Maglink LX (a duplicate of a previously disclosed flaw)
  • CVE-2024-41725 (CVSS score: 8.8) - Cross-site scripting (XSS) in Maglink LX
  • CVE-2024-45373 (CVSS score: 8.8) - Privilege escalation in Maglink LX4
  • CVE-2024-8497 (CVSS score: 7.5) - Arbitrary file read in Franklin TS-550

For Further Reference

https://thehackernews.com/2024/09/critical-flaws-in-tank-gauge-systems.html
