Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Critical Vulnerability Exposes Oil Tank Monitoring Devices to Attacks

A critical vulnerability has been found in oil tank monitoring devices from Tecson/GOK, but the vendor has released a patch and points out that there are less than 1,000 devices that could be affected.

Tecson is a Germany-based manufacturer of tank measurement systems, including oil tank displays, level probes, and remote monitoring products.

A critical vulnerability has been found in oil tank monitoring devices from Tecson/GOK, but the vendor has released a patch and points out that there are less than 1,000 devices that could be affected.

Tecson is a Germany-based manufacturer of tank measurement systems, including oil tank displays, level probes, and remote monitoring products.

Security researcher Maxim Rupp discovered that some Tecson devices are affected by a vulnerability that allows an attacker to access a web-based configuration interface without needing appropriate credentials.Vulnerability found in Tecson oil tank monitoring device

An attacker only needs to know a specific URL on the web server and the format of a valid request and they can access the configuration interface and view and modify settings.

“This issue allows changing the configuration and get full access to the web-based configuration interface of the device which includes all settings like passwords, alerting parameters and output states. That can adversely affect the planned operation of the equipment or can aid in further attacks on the industrial control process,” read the advisories published by Tecson and Germany’s VDE CERT.

Learn More About ICS Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference

The vulnerability, tracked as CVE-2019-12254 with a CVSS score of 9.8 (critical), impacts LX-Net, LX-Q-Net, e-litro net, SmartBox4 LAN and SmartBox4 pro LAN oil tank monitoring products. The security hole has been addressed with the release of firmware version 6.3. Alternatively, attacks can be prevented by disabling port forwarding and remote access to the device.

Advertisement. Scroll to continue reading.

Rupp told SecurityWeek that the vendor patched the vulnerability roughly one month after learning of its existence, which he has described as a “fast and good reaction.” The researcher said that while it may be possible to find a few vulnerable devices exposed to the Internet, these systems are typically accessible only from the local network.

Tecson told SecurityWeek that the affected products are mostly deployed in Germany, with less than five percent used by organizations in Austria and Belgium. The company has pointed out that the vulnerability should not be seen as highly critical as it does not allow an attacker to get beyond the device in the targeted organization’s network. The flaw can be more problematic if the relay switching function is enabled, but the vendor says only a few of its customers use it.

The company says there are less than 1,000 devices that could be affected, and only if they have port forwarding enabled.

Tecson claims it’s in the process of identifying and notifying impacted customers of the vulnerability.

Related: Many Vulnerabilities Discovered in Moxa Industrial Switches

Related: Italian Oil Services Company Saipem Hit by Cyberattack

Related: Oil and Gas Sector in Middle East Hit by Serious Security Incidents

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

F5 has appointed Cathy Peterman as Chief People Officer.

Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.

CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.