CISA Warns of Critical Veeder-Root Vulnerabilities Allowing Attackers to Execute System-Level Commands

Washington D.C., November 5, 2025 — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory detailing multiple critical vulnerabilities affecting Veeder-Root’s TLS4B Automatic Tank Gauge (ATG) systems, widely used across the fuel retail, logistics, and energy sectors. The flaws could allow attackers to execute system-level commands, manipulate device timekeeping, or disrupt ATG functionality—posing significant operational and security risks to fuel infrastructure nationwide.

Two Major Vulnerabilities Identified

CISA identified two primary vulnerabilities impacting TLS4B versions prior to 11.A:

1. CVE-2025-58428 — Command Injection (CVSS 9.9)
A critical command-injection vulnerability exists within the SOAP-based web services interface. Attackers with valid credentials could execute arbitrary system-level commands on the underlying Linux host, enabling full shell access, lateral movement within networks, or complete device takeover.

2. CVE-2025-55067 — Integer Overflow / 2038 Time Rollover (CVSS ~7.1)
An integer overflow flaw allows manipulation of system time. By altering timestamps, an attacker could cause authentication failures, corrupt logs, lock out administrators, or trigger denial-of-service (DoS) conditions. While not yet known to be exploited in the wild, CISA warns that the attack surface is substantial.

Impact Across Critical Infrastructure

Veeder-Root ATG systems are deployed globally to monitor underground storage tanks, leak detection systems, and fuel inventory levels. Any compromise to these systems could have cascading effects, including:

  • Disruptions to retail fuel operations

  • Safety and environmental hazards

  • Supply chain interruptions

  • Unauthorized manipulation of fueling systems

  • Adversarial reconnaissance or lateral movement within operator networks

While Veeder-Root has released version 11.A to address the command-injection flaw, additional mitigations are still needed until a fix is available for the time-manipulation vulnerability.

CISA’s Recommended Immediate Actions

CISA is strongly urging operators to:

  • Upgrade affected systems to TLS4B version 11.A

  • Isolate ATG systems from business networks

  • Restrict remote access entirely or limit it through secure methods

  • Review logs for irregular communication or timestamp anomalies

  • Implement strong network segmentation

  • Employ firewalls, access controls, and monitoring tools to detect suspicious traffic
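The 2038 rollover described above and the log review CISA recommends, shown as an added example (not from the advisory, CISA, or Veeder-Root): the first function shows how a Unix timestamp stored in a signed 32-bit integer wraps to 1901 one second past the boundary; the second scans constructed log lines (the "timestamp level message" layout is assumed, not the device's real format) for that rollover signature and for timestamps that go backwards.

```python
import datetime as dt
import struct

UTC = dt.timezone.utc
EPOCH = dt.datetime(1970, 1, 1, tzinfo=UTC)
INT32_MAX = 2**31 - 1                              # 2038-01-19 03:14:07 UTC in a signed 32-bit time_t
ERA_FLOOR = dt.datetime(2000, 1, 1, tzinfo=UTC)    # assumed: no genuine ATG log entry predates this


def wrap_int32(seconds: int) -> int:
    """Simulate storing a Unix timestamp in a signed 32-bit integer (two's complement)."""
    return struct.unpack("<i", struct.pack("<I", seconds & 0xFFFFFFFF))[0]


def rollover_boundary() -> tuple:
    """Wall-clock time the counter shows at INT32_MAX and one second later."""
    before = EPOCH + dt.timedelta(seconds=wrap_int32(INT32_MAX))
    after = EPOCH + dt.timedelta(seconds=wrap_int32(INT32_MAX + 1))
    return before, after     # 2038-01-19 03:14:07 UTC, then 1901-12-13 20:45:52 UTC


# Constructed sample log; the "<ISO-8601 UTC> <LEVEL> <message>" layout is an assumption.
SAMPLE_LOG = """\
2025-11-05T08:00:00Z INFO inventory poll ok
2025-11-05T08:05:00Z INFO inventory poll ok
1901-12-13T20:45:52Z INFO inventory poll ok
2025-11-05T08:15:00Z WARN auth failure user=admin
2025-11-05T07:50:00Z INFO inventory poll ok
"""


def find_timestamp_anomalies(log_text: str, max_jump: dt.timedelta = dt.timedelta(hours=1)) -> list:
    """Return (line number, reason) for entries that look like a rolled-over or manipulated clock.
    The reference timestamp only advances on entries that pass, so one bad entry does not
    poison the rest; a legitimate large clock correction would need the baseline re-seeded."""
    anomalies, prev = [], None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        ts = dt.datetime.strptime(line.split(" ", 1)[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
        reason = None
        if ts < ERA_FLOOR:
            reason = "pre-era timestamp (32-bit rollover signature)"
        elif prev is not None and ts < prev:
            reason = "clock went backwards"
        elif prev is not None and ts - prev > max_jump:
            reason = "implausible forward jump"
        if reason:
            anomalies.append((lineno, reason))
            continue
        prev = ts
    return anomalies
```

Feeding real exports through `find_timestamp_anomalies` after adjusting the parser to the device's actual line format gives a quick first pass for the timestamp irregularities CISA asks operators to look for.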

Call to Action: Strengthen Your Security Posture with PASS Connect

In response to these vulnerabilities, operators should take immediate steps to remove ATGs from exposed environments and adopt secure, out-of-band communication paths. PASS Training & Compliance recommends using PASS Connect, a purpose-built, secure ATG communication solution designed specifically to reduce cyber-risk around fuel monitoring systems.

Why PASS Connect Matters Now

PASS Connect ensures that ATGs never touch the operator’s business network. Instead of relying on customer LAN connections—where devices are often poorly segmented, misconfigured, or unknowingly exposed—PASS Connect offers a dedicated, isolated cellular communication channel.

This architectural separation dramatically reduces vulnerability to:

  • Command-injection attacks

  • Network-based exploitation

  • Lateral movement by threat actors

  • Misconfigured remote-access paths

  • Time manipulation and log corruption attempts

Immediate Protective Steps for Operators

Organizations should act promptly to:

  • Remove ATGs from corporate networks and eliminate any internal LAN routing

  • Deploy an isolated cellular box to ensure ATG traffic never passes through business systems

  • Adopt PASS Connect for secure, encrypted, out-of-band ATG communication

  • Update all TLS4B systems to version 11.A

  • Conduct a site-by-site connectivity audit to identify exposed devices

  • Implement segmentation and firewall-based controls for any remaining networked equipment

Conclusion

CISA’s advisory underscores a growing reality: OT systems, once isolated by default, are now connected in ways that introduce serious risk. Critical vulnerabilities in Veeder-Root’s TLS4B platform demonstrate how attackers can leverage improperly segmented ATG systems to gain deep access into fuel retail environments.

Organizations that rely on ATGs must act quickly—not just by applying software fixes, but by reevaluating how these systems connect to the outside world. With PASS Connect, operators can remove ATGs from vulnerable networks altogether and deploy a secure, resilient communication path that aligns with modern cybersecurity best practices. Contact PASS for more information.
