Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Critical Vulnerability Exposes Oil Tank Monitoring Devices to Attacks

A critical vulnerability has been found in oil tank monitoring devices from Tecson/GOK, but the vendor has released a patch and points out that there are less than 1,000 devices that could be affected.

Tecson is a Germany-based manufacturer of tank measurement systems, including oil tank displays, level probes, and remote monitoring products.

A critical vulnerability has been found in oil tank monitoring devices from Tecson/GOK, but the vendor has released a patch and points out that there are less than 1,000 devices that could be affected.

Tecson is a Germany-based manufacturer of tank measurement systems, including oil tank displays, level probes, and remote monitoring products.

Security researcher Maxim Rupp discovered that some Tecson devices are affected by a vulnerability that allows an attacker to access a web-based configuration interface without needing appropriate credentials.Vulnerability found in Tecson oil tank monitoring device

An attacker only needs to know a specific URL on the web server and the format of a valid request and they can access the configuration interface and view and modify settings.

“This issue allows changing the configuration and get full access to the web-based configuration interface of the device which includes all settings like passwords, alerting parameters and output states. That can adversely affect the planned operation of the equipment or can aid in further attacks on the industrial control process,” read the advisories published by Tecson and Germany’s VDE CERT.

Learn More About ICS Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference

The vulnerability, tracked as CVE-2019-12254 with a CVSS score of 9.8 (critical), impacts LX-Net, LX-Q-Net, e-litro net, SmartBox4 LAN and SmartBox4 pro LAN oil tank monitoring products. The security hole has been addressed with the release of firmware version 6.3. Alternatively, attacks can be prevented by disabling port forwarding and remote access to the device.

Rupp told SecurityWeek that the vendor patched the vulnerability roughly one month after learning of its existence, which he has described as a “fast and good reaction.” The researcher said that while it may be possible to find a few vulnerable devices exposed to the Internet, these systems are typically accessible only from the local network.

Tecson told SecurityWeek that the affected products are mostly deployed in Germany, with less than five percent used by organizations in Austria and Belgium. The company has pointed out that the vulnerability should not be seen as highly critical as it does not allow an attacker to get beyond the device in the targeted organization’s network. The flaw can be more problematic if the relay switching function is enabled, but the vendor says only a few of its customers use it.

Advertisement. Scroll to continue reading.

The company says there are less than 1,000 devices that could be affected, and only if they have port forwarding enabled.

Tecson claims it’s in the process of identifying and notifying impacted customers of the vulnerability.

Related: Many Vulnerabilities Discovered in Moxa Industrial Switches

Related: Italian Oil Services Company Saipem Hit by Cyberattack

Related: Oil and Gas Sector in Middle East Hit by Serious Security Incidents

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.