Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Critical flaws in tank gauge systems expose gas stations to remote attacks
Global Security

Critical flaws in tank gauge systems expose gas stations to remote attacks

AdminBy AdminSeptember 30, 2024No Comments5 Mins Read
Gas Stations to Remote Attacks
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


From gas stations to remote attacks

Six different automatic capacitance sensor (ATG) systems from five manufacturers were found to have critical security vulnerabilities that could expose them to remote attacks.

“These vulnerabilities pose a significant real-world risk as they can be exploited by attackers to cause widespread damage, including physical damage, environmental hazards, and economic losses,” Bitsight researcher Pedro Umbelino said in a report published last week.

To make matters worse, the analysis found that thousands of ATGs are exposed to the Internet, making them a lucrative target for attackers looking to launch disruptive and disruptive attacks on gas stations, hospitals, airports, military bases and other critical infrastructure.

ATGs are sensor systems designed to monitor the level in a storage tank (such as a fuel tank) over a period of time in order to determine leakage and parameters. Exploiting security flaws in such systems can have serious consequences, including denial of service (DoS) and physical damage.

Cyber ​​security

11 newly discovered vulnerabilities to influence six ATG models namely Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla and Franklin TS-550. Eight of the 11 flaws are rated as critical in severity –

  • CVE-2024-45066 (CVSS score: 10.0) – OS command injection in Maglink LX
  • CVE-2024-43693 (CVSS score: 10.0) – OS command injection in Maglink LX
  • CVE-2024-43423 (CVSS score: 9.8) – Hardcoded credentials in Maglink LX4
  • CVE-2024-8310 (CVSS score: 9.8) – Bypass authentication in OPW SiteSentinel
  • CVE-2024-6981 (CVSS score: 9.8) – Authentication bypass in Proteus OEL8000
  • CVE-2024-43692 (CVSS score: 9.8) – Authentication bypass in Maglink LX
  • CVE-2024-8630 (CVSS score: 9.4) – SQL injection in Alisonic Sibylla
  • CVE-2023-41256 (CVSS score: 9.1) – Authentication bypass in Maglink LX (duplicate of previously discovered bug)
  • CVE-2024-41725 (CVSS score: 8.8) – Cross-site scripting (XSS) in Maglink LX
  • CVE-2024-45373 (CVSS score: 8.8) – Escalation of Privilege in Maglink LX4
  • CVE-2024-8497 (CVSS score: 7.5) – Arbitrary file read in Franklin TS-550

“All of these vulnerabilities allow full administrator rights to the device application and, some of them, full access to the operating system,” Umbellino said. “The most damaging attack is to force devices to operate in a way that could cause physical damage to their components or to components connected to them.”

Vulnerabilities found in OpenPLC, Riello NetMan 204 and AJCloud

The open source OpenPLC solution was also exposed to security flaws, including a critical stack buffer overflow bug (CVE-2024-34026, CVSS score: 9.0) that could be exploited for remote code execution.

“Sending an ENIP request with an unsupported command code, a valid encapsulation header, and at least 500 total bytes can write beyond the allocated log_msg buffer and corrupt the stack,” Cisco Talos said. said. “Depending on the security measures enabled on the host in question, further exploitation may be possible.”

Another set of security holes concerns the Riello NetMan 204 network communication card used in its uninterruptible power systems (UPS), which could allow attackers to take control of the UPS and even falsify the collected log data.

  • CVE-2024-8877 – SQL injection in three API endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi, which allows arbitrary data modification
  • CVE-2024-8878 – Unauthenticated password reset via the /recoverpassword.html endpoint, which can be used to obtain a netmanid from a device, from which a password reset recovery code can be computed

“Entering the recovery code in ‘/recoverpassword.html’ resets the login credentials to admin:admin,” Thomas Weber of CyberDanube. saidnoting that this could allow an attacker to hijack the device and shut it down.

Both vulnerabilities remain unpatched, requiring users to restrict access to devices in critical environments until a fix is ​​available.

It is also worth noting several critical vulnerabilities in the AJCloud An IP camera management platform that, if successfully exploited, can expose sensitive user data and provide attackers with full remote control over any camera connected to a smart home cloud service.

“The built-in P2P command, which intentionally provides arbitrary write access to the key configuration file, can be used to either permanently disable cameras or facilitate remote code execution by triggering a buffer overflow” – Elastic Security Labs saidsaying that his attempts to reach the Chinese company have so far been unsuccessful.

CISA warns of continued attacks on OT networks

The development comes after the US Cybersecurity and Infrastructure Security Agency (CISA) noted an increase in threats to Internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including in the water and wastewater systems (WWS) sector.

“Open and vulnerable OT/ICS systems can allow cyber-threat actors to use default credentials, launch brute-force attacks, or use other unsophisticated methods to access and cause harm to these devices,” CISA said.

Cyber ​​security

Earlier in February of this year, the US Govt sanctioned six officials linked to Iranian intelligence for attacks on critical infrastructure in the United States and other countries.

These attacks involved targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs) that are exposed to the Internet through the use of default passwords.

Industrial cybersecurity company Claroty has since released two tools called PCOM2TCP and PCOMClient that allow users to extract forensic information from Unitronics integrated HMI/PLCs.

“PCOM2TCP allows users to convert serial PCOM messages to TCP PCOM messages and vice versa.” said. “A second tool called PCOMClient allows users to connect to Unitronics Vision/Samba series PLCs, query it and extract forensic information from the PLC.”

Additionally, Claroty cautions against over-deployment of in-house remote access solutions OT environment – anywhere from four to 16 – creates new security and operational risks for organizations.

“55% of organizations have deployed four or more remote access tools that connect OT to the outside world, a worrying percentage of companies that have extensive attack surfaces that are difficult and expensive to manage,” it said. noted.

“Engineers and asset managers should actively seek to eliminate or minimize the use of low-security remote access tools in OT environments, especially those that have known vulnerabilities or lack basic security features such as MFA.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.