Executive Summary
In June 2026, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, NSA, and Department of Energy, issued a warning about cyberattacks targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across critical infrastructure sectors. Attackers exploited vulnerabilities such as authentication bypasses, hardcoded credentials, and command-execution flaws to gain unauthorized access, allowing them to alter network settings, tank volumes, and pump controls. This manipulation could disable alerts and hinder operators from accurately monitoring tank levels, increasing the risk of leaks or equipment failures.
This incident underscores the growing threat to operational technology (OT) systems within critical infrastructure. The exploitation of ATG systems highlights the need for enhanced cybersecurity measures, including restricting internet exposure, implementing strong authentication protocols, and applying timely security updates to prevent unauthorized access and potential operational disruptions.
Why This Matters Now
The targeting of ATG systems in critical infrastructure sectors reveals a pressing need to secure operational technology against cyber threats. Immediate action is required to mitigate vulnerabilities that could lead to significant operational disruptions and safety hazards.
Attack Path Analysis
Attackers exploited internet-exposed Automatic Tank Gauge (ATG) systems by leveraging authentication bypass vulnerabilities and default credentials, gaining unauthorized access. They escalated privileges by exploiting command execution flaws, allowing them to modify system settings. Subsequently, they moved laterally within the network to access other critical systems. The attackers established command and control channels to maintain persistent access. They exfiltrated sensitive operational data from the compromised systems. Finally, they manipulated tank levels and disabled alerts, potentially leading to environmental hazards and operational disruptions.
Kill Chain Progression
Initial Compromise
Description
Attackers exploited internet-exposed ATG systems by leveraging authentication bypass vulnerabilities and default credentials, gaining unauthorized access.
Related CVEs
CVE-2024-45066
CVSS 9.8
An authentication bypass vulnerability in the ProGauge MagLink LX ATG system allows remote attackers to gain unauthorized access.
Affected Products:
ProGauge MagLink LX – All versions prior to patch
Exploit Status:
exploited in the wild
CVE-2024-43693
CVSS 9.8
A command injection vulnerability in the ProGauge MagLink LX ATG system allows remote attackers to execute arbitrary commands.
Affected Products:
ProGauge MagLink LX – All versions prior to patch
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Valid Accounts
Exploitation for Privilege Escalation
Access Token Manipulation
Abuse Elevation Control Mechanism
Exploit Public-Facing Application
Server Software Component
Application Layer Protocol
Resource Hijacking
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Change Default Passwords
Control ID: 8.2.4
NYDFS 23 NYCRR 500 – Access Privileges
Control ID: 500.07
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Identity and Access Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Oil/Energy/Solar/Greentech
Critical infrastructure targeting of fuel tank monitoring systems exposes the energy sector to authentication bypass, command execution, and operational technology compromise risks.
Chemicals
ATG system vulnerabilities enable attackers to manipulate chemical storage tank monitoring, disable leak detection alerts, and compromise safety-critical industrial control systems.
Food Production
Internet-exposed automatic tank gauge systems in food production facilities face SQL injection and privilege escalation attacks affecting liquid storage monitoring capabilities.
Transportation
Transportation sector fuel management systems are vulnerable to Iranian-linked attacks exploiting hardcoded credentials and authentication bypass in ATG monitoring infrastructure.
Sources
- CISA warns of cyberattacks targeting fuel tank monitoring systems: https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/
- CISA and Partners Urge Hardening Automatic Tank Gauge Systems: https://www.cisa.gov/resources-tools/resources/cisa-and-partners-urge-hardening-automatic-tank-gauge-systems
- Critical Vulnerabilities Discovered in Automated Tank Gauge Systems: https://www.bitsight.com/blog/critical-vulnerabilities-discovered-automated-tank-gauge-systems
- Many Fuel Tank Monitoring Systems Vulnerable to Disruption: https://www.darkreading.com/ics-ot-security/fuel-tank-monitoring-systems-vulnerable-disruption
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could likely limit unauthorized access, privilege escalation, and lateral movement within the network, thereby reducing the attacker's ability to compromise critical systems and exfiltrate sensitive data.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to gain unauthorized access to ATG systems would likely be constrained, reducing the risk of initial compromise.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges and modify system settings would likely be constrained, reducing the risk of unauthorized system changes.
Control: East-West Traffic Security
Mitigation: The attacker's ability to move laterally within the network to access other critical systems would likely be constrained, reducing the risk of further system compromises.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels to maintain persistent access would likely be constrained, reducing the risk of sustained unauthorized presence.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive operational data from the compromised systems would likely be constrained, reducing the risk of data loss.
The attacker's ability to manipulate tank levels and disable alerts would likely be constrained, reducing the risk of environmental hazards and operational disruptions.
Impact at a Glance
Affected Business Functions
- Fuel Monitoring
- Leak Detection
- Inventory Management
Estimated downtime: 7 days
Estimated loss: $500,000
Operational data related to fuel levels, temperatures, and leak detection.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict access to ATG systems and prevent lateral movement.
- Enforce strong authentication mechanisms, including multifactor authentication, to mitigate authentication bypass vulnerabilities.
- Deploy Intrusion Prevention Systems (IPS) to detect and block command execution exploits.
- Utilize Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- Establish comprehensive monitoring and anomaly detection to identify and respond to unauthorized system modifications promptly.



