Multiple critical security vulnerabilities in automatic tank gauge (ATG) systems, some unpatched, threaten critical infrastructure facilities with disruption and physical damage, researchers are warning. ATGs are sensor systems that monitor and manage fuel storage tanks to ensure that fill levels aren't too low or too high, to see that leaks are detected in real-time, and to manage inventory. ATGs can be found where you'd expect them to be, like at gas stations and airports, but also in less obvious installations.
"In the US, for example, we were told that you are required by law to have an ATG system installed in any fuel tank of a certain size," Pedro Umbelino, principal research scientist at Bitsight's TRACE unit, explains to Dark Reading. "Gas stations are the largest and most obvious use case, but the second largest use case for ATGs are critical facilities that require large backup generators — you often see these in facilities like hospitals, military installations and airports." Worryingly, most of the newly discovered vulnerabilities allow for an attacker to have full control of an ATG as an administrator.
And according to Umbelino, the 11 bugs across six ATG systems from five different vendors can thus open the door to a gamut of nefarious activities, ranging from making fueling unavailable to wreaking environmental havoc. Related: Concerns Over Supply Chain Attacks on US Seaports Grow "What's even more concerning is that, besides multiple warnings in the past, th.
