Executive Summary
In June 2026, over 900 Automatic Tank Gauge (ATG) systems across the United States were found exposed online, making them vulnerable to cyberattacks. ATG systems are critical for monitoring fuel and chemical storage tanks in various sectors, including energy and transportation. Threat actors exploited security flaws such as hardcoded credentials and authentication bypasses to gain unauthorized access, potentially leading to operational disruptions and safety hazards. (bleepingcomputer.com)
This incident underscores the growing threat to critical infrastructure from cyberattacks targeting industrial control systems. Organizations must prioritize securing internet-exposed devices to prevent similar vulnerabilities from being exploited in the future.
Why This Matters Now
The exposure of ATG systems highlights the urgent need for critical infrastructure sectors to enhance cybersecurity measures, as such vulnerabilities can lead to significant operational and safety risks.
Attack Path Analysis
Attackers exploited vulnerabilities in internet-exposed Automatic Tank Gauge (ATG) systems to gain unauthorized access. They then escalated privileges to modify system settings, enabling lateral movement to other connected systems. Establishing command and control, they manipulated tank readings and disabled alerts. Data was exfiltrated, and the attack culminated in operational disruptions and potential safety hazards.
Kill Chain Progression
Initial Compromise
Description
Attackers exploited vulnerabilities in internet-exposed ATG systems, such as hardcoded credentials and authentication bypasses, to gain unauthorized access.
Related CVEs
CVE-2025-58428
CVSS 9.9
A command injection vulnerability in the SOAP-based web services interface of Veeder-Root TLS4B ATG systems allows authenticated remote attackers to execute arbitrary system-level commands.
Affected Products:
Veeder-Root TLS4B ATG – < 11.A
Exploit Status:
exploited in the wild
CVE-2025-2567
CVSS 9.8
A missing authentication vulnerability in certain ATG systems allows unauthenticated remote attackers to modify or disable device settings, potentially disrupting fuel monitoring and creating safety hazards.
Affected Products:
Various Automatic Tank Gauge (ATG) systems – unspecified
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Internet Accessible Device
Manipulation of Control
Manipulation of View
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Identify and inventory all assets, including hardware, software, and data.
Control ID: 1.1
NIS2 Directive – Cybersecurity risk-management measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Oil/Energy/Solar/Greentech
Automatic tank gauge systems monitoring fuel storage are vulnerable to Iranian state-backed attacks causing operational disruptions and compromised leak detection capabilities.
Utilities
Critical infrastructure facilities using ATG systems for chemical storage face command execution attacks that disable safety alerts and risk permanent equipment damage.
Transportation
Over 900 exposed fuel monitoring systems across gas stations enable attackers to manipulate displays and compromise automated safety functions through hardcoded credentials.
Chemicals
Industrial chemical storage tank monitoring systems are exposed to ongoing attacks exploiting SQL injection and privilege escalation vulnerabilities in ATG devices.
Sources
- Over 900 US gas station tank gauge systems exposed to attacks: https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/ (Verified)
- CISA and Partners Urge Hardening Automatic Tank Gauge Systems: https://www.ic3.gov/CSA/2026/260602.pdf (Verified)
- CVE-2025-58428: TLS4B ATG System RCE Vulnerability: https://www.sentinelone.com/vulnerability-database/cve-2025-58428/ (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access would likely be limited to the compromised ATG system, reducing the potential for further exploitation.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges would likely be constrained, reducing the risk of gaining higher-level permissions.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement would likely be restricted, reducing the risk of compromising additional systems.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels would likely be detected and disrupted, reducing the risk of system manipulation.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration attempts would likely be identified and blocked, reducing the risk of data loss.
The attacker's ability to cause operational disruptions and safety hazards would likely be limited, reducing the overall impact of the attack.
Impact at a Glance
Affected Business Functions
- Fuel Inventory Management
- Environmental Monitoring
- Regulatory Compliance
Estimated downtime: 3 days
Estimated loss: $50,000
Operational data related to fuel levels, temperature readings, and leak detection.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict access and limit lateral movement within the network.
- Enforce strong authentication mechanisms, including multi-factor authentication, to prevent unauthorized access.
- Regularly update and patch ATG systems to mitigate known vulnerabilities.
- Deploy intrusion detection and prevention systems to monitor and block malicious activities.
- Conduct regular security assessments and penetration testing to identify and remediate potential weaknesses.



