Automated Tank Gauge (ATG) Remote Configuration Disclosure

In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges (ATGs) which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators when tank volumes are too high or have reached a critical low. ATGs are utilized by nearly every fueling station in the United States and tens of thousands of systems internationally. They are most commonly manufactured by Veeder-Root, a supplier of fuel dispensers, payment systems, and forecourt merchandising. For remote monitoring of these fuel systems, operators will commonly configure the ATG serial interface to an internet-facing TCP port (generally set to TCP 10001). This script reads the Get In-Tank Inventory Report from TCP/10001 as a proof of concept to demonstrate the arbitrary access.Exploit Files ≈ Packet Storm  

 

More To Explore

Drupal H5P Module 2.0.0 Zip Slip Traversal

Drupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on windows.   Exploit Files ≈ Packet Storm   

Ubuntu Security Notice USN-5760-2

Ubuntu Security Notice 5760-2 – USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It

Do You Want To Secure Your Business?

drop us a line and keep in touch

Cyber Security Automation
Generated by Feedzy