A recent investigation by Bitsight TRACE has uncovered several critical 0-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors.
These vulnerabilities are substantial real-world threats, with the potential for exploitation by malicious actors, leading to severe consequences such as physical damage, environmental harm, and financial losses.
Even more alarming is that, despite repeated warnings, thousands of ATGs remain online and directly accessible via the internet, making them highly vulnerable to cyberattacks, particularly in sabotage or cyberwarfare contexts.
Industrial Control Systems (ICS) form the backbone of modern critical infrastructure, with ATG systems playing a key role in managing fuel storage across various industries.
These systems, responsible for monitoring fuel levels and detecting leaks, are essential for facilities ranging from gas stations to hospitals, airports, military bases, and power plants.
Real-World Risks and Potential Consequences
Pedro Umbelino, Principal Research Scientist at Bitsight, says the vulnerabilities could allow malefactors to exploit ATG systems, leading to potentially catastrophic outcomes, including environmental hazards, economic disruption, and even physical damage. Shockingly, despite past warnings, thousands of ATGs remain online and directly accessible via the internet, making them prime targets for cyberattacks.
Bitsight’s research found that threat actors could gain full control of ATG systems, allowing them to manipulate fuel levels, disable alarms, and even shut down fuel dispensing systems. The ability to control physical processes is a grave risk to critical infrastructure, which could cause fuel spills, equipment damage, or widespread service disruption at essential facilities like hospitals or emergency services. They could rename tank information, alter tank sizes to trigger overflows, disable leak detection, or even shut down fuel pumps, creating physical and environmental hazards.
The financial impact could also be severe, with attackers able to steal sensitive operational data or disable critical systems, potentially leading to hefty fines and regulatory penalties.
While some facilities may have implemented external controls to mitigate these risks, the widespread exposure of ATG systems online is alarming. Bitsight has stressed that even the most basic cybersecurity measures, like disconnecting ATGs from the internet, are often neglected.
Efforts to Mitigate the Threat
In response to these findings, Bitsight says it has collaborated with the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to coordinate a responsible vulnerability disclosure process. For the past six months, the two organizations and CISA have worked closely with vendors to address the vulnerabilities and prevent exploitation. CISA has since published remediation advisories to guide organizations in securing their ATG systems.
However, despite these efforts, exposure remains high. Bitsight’s ongoing monitoring has revealed over 6,500 ATG systems are still connected to the internet without any security protections, leaving critical infrastructure vulnerable to cyberattacks.
Legacy Issues and Longstanding Vulnerabilities
This is not the first time vulnerabilities in ATG systems have been revealed. As far back as 2015, security researchers warned of exposed ATG systems on the internet, with thousands found to be accessible without password protection. Since then, several experiments and reports, including Trend Micro’s “GasPot” honeypot experiment, have illustrated the attractiveness of these systems to attackers.
Despite multiple warnings and ongoing research, the attack surface has only grown. Between 2015 and 2022, the number of vulnerable ATG systems increased by 120%, according to Cyborg Security. The problem persists today, with Bitsight’s discovery of new vendor-specific vulnerabilities shining a light on the critical need for enhanced security measures.
Why ATG Systems Must Prioritize Cybersecurity
While the vulnerabilities exposed do not necessarily present imminent physical damage or environmental disaster, the potential for harm is real. Bad actors could disrupt fuel supplies, cause economic loss, or damage essential services, particularly in industries that rely heavily on fuel management.
Securing ATG systems must become a priority for facility owners and operators. Disconnecting these systems from the internet, implementing strong access controls, and following CISA’s remediation advisories are key steps to reducing the risk of exploitation.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.