Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities

Nearly a decade has passed since the cybersecurity community started warning about automatic tank gauge (ATG) systems being exposed to remote hacker attacks, and critical vulnerabilities continue to be found in these devices.

ATG systems are designed for monitoring the parameters in a storage tank, including volume, pressure, and temperature. They are widely deployed in gas stations, but are also present in critical infrastructure organizations, including military bases, airports, hospitals, and power plants.

Several cybersecurity companies showed in 2015 that ATGs could be remotely hacked, and some even warned — based on honeypot data — that these devices have been targeted by hackers.

Bitsight conducted an analysis earlier this year and found that the situation has not improved in terms of vulnerabilities and exposed devices. The company looked at six ATG systems from five different vendors and found a total of 10 security holes.

The impacted products are Maglink LX and LX4 ...