Executive Summary
In April 2026, the Cybersecurity and Infrastructure Security Agency (CISA), along with multiple federal partners, issued an urgent advisory regarding active cyberattacks targeting Automatic Tank Gauge (ATG) systems across the United States. These systems, integral to monitoring fuel storage tanks in sectors such as Energy, Chemical, Food and Agriculture, and Transportation, were found to be vulnerable due to internet exposure and weak authentication mechanisms. Threat actors exploited these weaknesses to gain unauthorized access, potentially allowing them to manipulate tank levels, disable alarms, and disrupt operations. While no physical damage was reported, the incidents underscored significant cybersecurity gaps in critical infrastructure. (infoodandfuel.org)
This advisory highlights the escalating threat landscape for operational technology (OT) systems, emphasizing the need for immediate action to secure ATG systems. The incidents serve as a stark reminder of the vulnerabilities present in internet-exposed OT devices and the potential for malicious actors to exploit these weaknesses to disrupt essential services.
Why This Matters Now
The recent cyberattacks on ATG systems reveal critical vulnerabilities in essential infrastructure, underscoring the urgent need for enhanced cybersecurity measures to protect against potential disruptions and environmental hazards.
Attack Path Analysis
Adversaries exploited internet-exposed Automatic Tank Gauge (ATG) systems by leveraging default or hardcoded credentials to gain unauthorized access. Once inside, they executed arbitrary code to manipulate system parameters and escalate privileges, achieving full administrative control. This access allowed them to move laterally within the network, potentially compromising other connected systems. They established command and control channels to maintain persistent access and exfiltrate sensitive data. Ultimately, they disrupted critical functions, leading to operational malfunctions and increased risk of environmental hazards.
Kill Chain Progression
Initial Compromise
Description
Adversaries exploited internet-exposed ATG systems by leveraging default or hardcoded credentials to gain unauthorized access.
Related CVEs
CVE-2024-2442
CVSS 7.5
A path traversal vulnerability in Franklin Fueling System EVO 550 and EVO 5000 allows remote attackers to read arbitrary files on the system.
Affected Products:
Franklin Fueling System EVO 550 – < 2.26.3.8963
Franklin Fueling System EVO 5000 – < 2.26.3.8963
Exploit Status:
no public exploit
CVE-2025-58428
CVSS 9.9
A command injection vulnerability in Veeder-Root TLS4B Automatic Tank Gauge System's SOAP-based interface allows authenticated remote attackers to execute system-level commands.
Affected Products:
Veeder-Root TLS4B Automatic Tank Gauge System – All versions
Exploit Status:
no public exploit
CVE-2025-55067
CVSS 7.1
An integer overflow vulnerability in Veeder-Root TLS4B Automatic Tank Gauge System allows attackers to manipulate system time, causing authentication failures and operational disruptions.
Affected Products:
Veeder-Root TLS4B Automatic Tank Gauge System – All versions
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Valid Accounts
Default Accounts
Local Accounts
Cloud Accounts
Domain Accounts
Abuse Elevation Control Mechanism
Bypass User Account Control
Sudo and Sudo Caching
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Secure Authentication
Control ID: 8.2.3
NYDFS 23 NYCRR 500 – Access Privileges
Control ID: 500.07
DORA – ICT Risk Management
Control ID: Article 6
CISA ZTMM 2.0 – Identity
Control ID: Pillar 1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Oil/Energy/Solar/Greentech
Critical ATG system vulnerabilities enable threat actors to manipulate fuel monitoring, disable alerts, and compromise tank operations across energy infrastructure facilities.
Chemicals
Internet-exposed automatic tank gauge systems face authentication bypass and SQL injection attacks, potentially disrupting chemical storage monitoring and leak detection capabilities.
Food Production
OT/ICS compromise of ATG systems threatens liquid storage monitoring in food facilities, risking operational disruption and environmental hazards from system manipulation.
Transportation
Transportation fuel storage systems vulnerable to remote ATG exploitation, enabling attackers to alter tank parameters and disable critical safety monitoring functions.
Sources
- CISA and Partners Urge Hardening Automatic Tank Gauge Systems: https://www.cisa.gov/resources-tools/resources/cisa-and-partners-urge-hardening-automatic-tank-gauge-systems
- Franklin Fueling System EVO 550/5000 | CISA: https://www.cisa.gov/news-events/ics-advisories/icsa-24-079-01
- CVE-2025-58428: Veeder-Root TLS4B Automatic Tank Gauge System Command Injection Vulnerability: https://cve.imfht.com/detail/CVE-2025-58428
- CVE-2025-55067: Integer Overflow in Veeder-Root TLS4B Automatic Tank Gauge System: https://cvefeed.io/vuln/detail/CVE-2025-55067
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it embeds security directly into the cloud fabric, effectively reducing the attacker's ability to move laterally and exfiltrate data.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit default credentials on internet-exposed systems would likely be constrained, limiting unauthorized access.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges and gain full administrative control would likely be constrained, reducing the scope of unauthorized actions.
Control: East-West Traffic Security
Mitigation: The attacker's ability to move laterally within the network would likely be constrained, reducing the risk of compromising additional systems.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels would likely be constrained, reducing the risk of persistent access and data exfiltration.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive data would likely be constrained, reducing the risk of data loss.
The attacker's ability to disrupt critical functions would likely be constrained, reducing the risk of operational malfunctions and environmental hazards.
Impact at a Glance
Affected Business Functions
- Fuel Inventory Management
- Leak Detection Monitoring
- Regulatory Compliance Reporting
Estimated downtime: 7 days
Estimated loss: $500,000
Operational data including fuel levels, leak detection logs, and system configurations.
Recommended Actions
Key Takeaways & Next Steps
- Implement strong, unique passwords and change default credentials on all ATG systems to prevent unauthorized access.
- Remove ATG systems from direct internet exposure; if remote access is necessary, use secure methods such as VPNs with multifactor authentication.
- Apply the latest security patches and updates to ATG systems to mitigate known vulnerabilities.
- Monitor network traffic for anomalies and unauthorized access attempts to detect potential intrusions early.
- Establish and enforce strict access controls and segmentation within the network to limit lateral movement opportunities for adversaries.
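An inventory triage for the first three actions above, as an added example that is not code from the advisory or from any vendor: it checks a constructed asset list against the affected versions listed under Related CVEs, flags management addresses outside RFC 1918 ranges, and flags credential changes that are not confirmed. The CSV column names and site names are assumptions.

```python
import csv
import io
import ipaddress

# Affected products as listed under Related CVEs on this page: (CVE ids, first
# unaffected version). None means the page lists "All versions" as affected.
AFFECTED = {
    "Franklin Fueling System EVO 550": ("CVE-2024-2442", (2, 26, 3, 8963)),
    "Franklin Fueling System EVO 5000": ("CVE-2024-2442", (2, 26, 3, 8963)),
    "Veeder-Root TLS4B Automatic Tank Gauge System": ("CVE-2025-58428, CVE-2025-55067", None),
}
# RFC 1918 ranges; a management address outside them is treated as possibly exposed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample inventory; the columns are assumptions made for this example.
SAMPLE_INVENTORY = """site,product,firmware,mgmt_ip,default_creds_changed
depot-a,Franklin Fueling System EVO 550,2.25.1.8000,10.20.0.5,yes
depot-b,Franklin Fueling System EVO 5000,2.26.3.8963,203.0.113.10,yes
depot-c,Veeder-Root TLS4B Automatic Tank Gauge System,10.1,192.168.4.2,no
depot-d,Franklin Fueling System EVO 550,unknown,10.20.0.9,yes
depot-e,Franklin Fueling System EVO 5000,2.27.0.9000,10.20.0.11,yes
"""

def parse_version(text):
    """Return a tuple of ints, or None when the string is not dotted-numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def audit(inventory_csv):
    """Return {site: [finding, ...]} for every row with at least one finding."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        findings = []
        if row["product"] in AFFECTED:
            cves, fixed = AFFECTED[row["product"]]
            version = parse_version(row["firmware"])
            if fixed is None:
                findings.append(f"all versions affected: {cves}")
            elif version is None:
                findings.append("firmware unreadable, verify manually")
            elif version < fixed:
                findings.append(f"firmware below first unaffected version: {cves}")
        addr = ipaddress.ip_address(row["mgmt_ip"])
        if not any(addr in net for net in INTERNAL_NETS):
            findings.append("management address outside internal ranges")
        if row["default_creds_changed"].strip().lower() != "yes":
            findings.append("default credentials not confirmed changed")
        if findings:
            report[row["site"]] = findings
    return report
```

An unreadable firmware string is reported rather than skipped, so an unknown version never passes silently as patched.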



