CVE-2025-58428

CVE-2025-58428 affects Veeder-Root TLS4B ATG system. The vulnerability stems from the SOAP-based interface being accessible through the web services handler, which enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. Reported impact incl...

CVE-2025-58428 Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote...

CVE-2025-55067 Integer Overflow or Wraparound in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...

CVE-2025-55067 Integer Overflow or Wraparound in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...

CVE-2025-55067

The CVE concerns Veeder-Root TLS4B Automatic Tank Gauge (ATG) System and describes an integer wraparound/overflow when Unix time reaches the 2038 epoch. The core issue is improper handling of times beyond January 19, 2038, causing the system clock to roll back to December 13, 1901. Consequences d...

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-296-01 AutomationDirect Productivity Suite ICSA-25-296-02 ASKI Energy ALS-Mini-S8 and ALS-Mini-S4...

Veeder-Root TLS4B Automatic Tank Gauge System

RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute system-level commands, gain full shell access, achieve remote command execution, move laterally within the network, trigger a denial of service condition, cause administrative lockout, and disrupt...

Veeder-Root TLS4B Automatic Tank Gauge System 输入验证错误漏洞

Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root USA. An input validation error vulnerability exists in the Veeder-Root TLS4B Automatic Tank Gauge System, which stems from improper handling of...

PT-2025-43551

Name of the Vulnerable Software and Affected Versions Veeder-Root TLS4B ATG versions affected versions not specified Description The TLS4B ATG system’s SOAP-based interface is susceptible to command injection due to its accessibility through the web services handler. This allows remote attackers...

Veeder-Root TLS4B Automatic Tank Gauge System 命令注入漏洞

Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root, Inc. The Veeder-Root TLS4B Automatic Tank Gauge System suffers from a command injection vulnerability that stems from the SOAP interface being...

Automated Tank Gauge (ATG) Remote Configuration Disclosure Exploit

In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges ATGs which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators wh...

Veeder-Root Automatic Tank Gauge (ATG) Administrative Client

This module acts as a simplistic administrative client for interfacing with Veeder-Root Automatic Tank Gauges ATGs or other devices speaking the TLS-250 and TLS-350 protocols. This has been tested against GasPot and Conpot, both honeypots meant to simulate ATGs; it has not been tested against...