CISA Warns Of Critical Veeder-Root Vulnerabilities

Source: Cyber Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory covering two significant vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System. The flaws can allow attackers to execute arbitrary commands, posing a serious risk to fuel storage and management operations. The primary vulnerability carries a high CVSS v4 score of 9.4, indicating that it is easily exploitable with basic credentials. According to CISA, the vulnerabilities stem from issues in command handling and Unix time management, and both affect systems globally.

CVE-2025-58428 is a command injection flaw in the SOAP interface that allows remote access and could lead to data theft. CVE-2025-55067 is an integer overflow issue that leads to denial-of-service (DoS) disruptions. Veeder-Root recommends urgent upgrades to mitigate the risks, while CISA suggests minimizing internet exposure and implementing security best practices. The impact includes potential downtime affecting fuel supplies and safety, along with administrative disruptions due to lockouts and log corruption, which highlights the need for prompt action to address these vulnerabilities.
