CISA warning – A new CISA advisory says threat actors have compromised internet-facing Automatic Tank Gauge (ATG) systems in recent months, exploiting flaws such as authentication bypass, hardcoded credentials, command execution, and SQL injection. The agencies urge operator
For months, hackers have been getting into an unusual place in US fuel infrastructure: the systems that quietly watch what’s inside storage tanks.
In a new government advisory. the Cybersecurity & Infrastructure Security Agency says threat actors have targeted Automatic Tank Gauge (ATG) systems used to monitor fuel and liquid storage tanks across the US. CISA says these actors have already compromised internet-facing devices in recent months. turning equipment many people don’t think about into a potential lever for real-world disruption.
ATG systems are the digital monitoring platforms for checking inventory. detecting leaks. and managing tank conditions across sites ranging from gas stations to industrial facilities. When they’re attacked, the damage isn’t confined to screenshots and stolen data. Officials warn that disruptions to services dependent on these systems can halt real operations.
The pressure point is access. The same convenience that helps these industrial systems operate smoothly—direct or easy connectivity—has also become the entry route attackers now use.
CISA’s June 2 publication describes how attacks on ATG systems have been observed exploiting weaknesses inside the systems. The advisory highlights authentication bypass vulnerabilities and hardcoded credentials that can grant direct access to device management interfaces.
It also points to OS command execution and SQL injection flaws that could enable arbitrary code execution, database manipulation, and in some cases escalation of privileges up to full administrative control over the system.
With that kind of control, attackers can behave less like intruders and more like trusted operators—modifying configurations, suppressing danger alerts, or causing permanent damage.
The advisory isn’t limited to CISA’s own lane. It lists multiple affected and participating agencies. including the FBI. the NSA. the Department of Energy (DOE). and the Environmental Protection Agency (EPA). It also includes the Transportation Security Agency (TSA), the Department of Transportation (DOT), and the US Department of Agriculture (USDA).
Together, they are telling ATG operators what to do, wherever applicable:
Disable direct internet exposure. Remove ATG systems from direct internet access where possible, and restrict remote connectivity using VPNs, Access Control Lists (ACLs), or similar controls.
Strengthen authentication. Replace default credentials with stronger ones and deploy phishing-resistant MFA where possible.
Patch and update systems. The attacks exploited vulnerabilities that could have been avoided with system updates from ATG manufacturers.
Increase system visibility. Enable continuous monitoring and logging to detect unauthorized access and unusual changes that could indicate tampering.
Enforce vendor security. When working with a vendor, ensure secure practices are followed, since a supply chain flaw can serve as an entry point into the broader system.
For operators, the message lands plainly: ATG systems should not be treated as forgotten back-office hardware. Any device exposed to the internet should be reviewed, access restricted, credentials changed, and suspicious activity reported to CISA or law enforcement.
CISA warning Automatic Tank Gauge ATG systems fuel tank monitoring industrial cybersecurity authentication bypass hardcoded credentials SQL injection OS command execution infrastructure security MFA VPN ACL supply chain security