Key takeaway: ATG systems at gas stations and industrial facilities are threatened by authentication vulnerabilities and injection attacks, requiring immediate measures for isolation and hardening.
The US Cybersecurity & Infrastructure Security Agency (CISA) is warning of ongoing attacks on automated tank gauges (ATGs) that enable attackers to drain tank contents without operators noticing. The systems are not only prevalent at gas stations but are also deployed on military bases, in hospitals, factories, and in the chemical, food, and agricultural industries.
CISA and other agencies warn that successful attacks on ATGs can lead to dangerous compromises: operators lose control over actual tank contents and notice neither leaks nor thefts.
Known attack methods follow three patterns: authentication bypass and hardcoded credentials allow attackers access to device management; OS command execution and SQL injection manipulate the underlying databases; privilege escalation grants full administrator access.
For security leaders, this means concrete measures: remove connections to serial interfaces to eliminate direct internet connectivity; change default passwords immediately; deploy current patches; report suspicious activity to CISA; require suppliers and partners to adhere to the same standards. A Canadian energy company was already compromised; in 2024, security firm BitSight explicitly warned of ATGs as preferred targets.
Source: www.csoonline.com · Published 5 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.6.5.