CISA Flags Critical Veeder-Root Flaws in Fuel Monitoring Systems

From the Editor’s Desk

This week we’re reminded that even the most mature sectors remain vulnerable. A major ICS advisory and heightened water-utility scrutiny show that infrastructure defence still demands our full attention. Does your organisation have full visibility into its legacy and operational-tech devices yet?

🔎 Deep Brief

CISA Flags Critical Veeder-Root Flaws in Fuel Monitoring Systems

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about two critical vulnerabilities in the Veeder‑Root TLS4B Automatic Tank Gauge system, widely used in fuel-storage operations. 

The first flaw (CVE-2025-58428) is a command-injection vulnerability in the SOAP interface of versions prior to 11.A, enabling authenticated remote attackers to execute Linux shell commands. It has a severity score of 9.4 under the CVSS v4 system. 

A second issue (CVE-2025-55067) is an integer-overflow tied to UNIX time handling (2038-epoch rollover), which could allow denial-of-service or administrative lockouts. 

The affected systems are control devices inside energy storage infrastructure — the injection flaw could lead to full system compromise, while the time-overflow flaw could degrade or shut down monitoring altogether. CISA emphasises the risk to fuel-supply and safety operations. 

Takeaway

Operational technology vulnerabilities can cause physical disruption, not just data loss. Energy and logistics firms must fold ICS assets into regular vulnerability scans and include OT devices in their incident response playbooks.

🧠 Strategy in Action

EPA Expands Cyber Partnership with U.S. Water Sector

The Environmental Protection Agency (EPA) is strengthening its engagement with the U.S. water and wastewater sector amid rising cyber threats. Over the past year the EPA has scanned and identified internet-exposed operational-technology (OT) devices within water utilities, finding many systems unaware of their exposure.

For organizations:

  • Use the EPA checklist as a model for vendor-procurement questions: “How will you protect my assets? Will my human-machine interfaces be internet-exposed?”

  • Prioritize visibility of your OT estate — unknown exposure means unknown risk.

  • For smaller utilities or teams with limited budgets, look for case studies from the EPA outreach and adapt their practical steps for your context.

  • Consider that regulation may increase: although the EPA withdrew a proposed rule under pressure, the direction suggests more oversight is likely.

Takeaway

The agency released a new procurement checklist and cyber guides specifically for water utilities to use when selecting and managing vendor equipment.

🕵️ Threat Actor Spotlight

admin@338

admin@338 is a China-based cyber threat actor, active since at least 2015, that targets organizations involved in financial, economic and trade policy.

Key traits

  • Engages in spear-phishing with malicious Microsoft Word attachments.

  • Uses publicly available RATs (e.g., PoisonIvy) as well as custom backdoors.

  • Performs account discovery, command-shell execution, system information discovery, network configuration discovery, and masquerading, among other techniques.

Defensive advice 

  • Even mid-sized organisations in financial/trade-policy sectors should assume exposure to threat actors of this type.

  • Focus detection on early lateral-movement activity (e.g., abnormal system-info dumps or netstat commands) rather than only high-volume events.

  • Ensure phishing controls and attachment-sandboxing are active, because the entry vector remains fairly traditional.

  • Maintain logs and analysis of network connections and service starts to capture the sorts of commands used by this actor.
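The low-volume detection described in the advice above can be sketched as follows. This is an added example, not part of the original newsletter: it flags a host and user that run several different kinds of discovery command within a few minutes. The log format, the command-to-category mapping, the thresholds and the host and user names are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Discovery categories follow the key-traits list; the command names mapped to
# each are assumptions (common Windows built-ins), not taken from the page.
CATEGORIES = {
    "system-info": re.compile(r"\b(systeminfo|hostname)\b", re.I),
    "network-config": re.compile(r"\b(ipconfig|netstat|arp|route\s+print)\b", re.I),
    "account": re.compile(r"\b(whoami|net\s+(user|group|localgroup|accounts))\b", re.I),
}

# Constructed sample process-creation events: time|host|user|parent|command line
SAMPLE_LOG = """\
2025-01-10T09:14:02|WS-041|jdoe|winword.exe|cmd.exe /c systeminfo
2025-01-10T09:14:09|WS-041|jdoe|cmd.exe|ipconfig /all
2025-01-10T09:14:31|WS-041|jdoe|cmd.exe|netstat -ano
2025-01-10T09:15:05|WS-041|jdoe|cmd.exe|net user
2025-01-10T10:02:00|WS-107|asmith|explorer.exe|ipconfig /all
2025-01-10T13:40:00|WS-107|asmith|explorer.exe|notepad.exe report.txt
2025-01-10T16:20:00|SRV-DB1|svc_backup|services.exe|netstat -an
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, host, user, parent, cmd = line.split("|", 4)
        yield datetime.fromisoformat(ts), host, user, parent, cmd

def classify(cmd):
    return next((name for name, rx in CATEGORIES.items() if rx.search(cmd)), None)

def find_bursts(log, window=timedelta(minutes=5), min_categories=3):
    """One alert per (host, user) hitting min_categories categories in window."""
    recent, alerts = {}, {}
    for ts, host, user, parent, cmd in sorted(parse(log)):
        cat = classify(cmd)
        if cat is None:
            continue
        key = (host, user)
        hits = [h for h in recent.get(key, []) if ts - h[0] <= window]
        hits.append((ts, cat, cmd, parent))
        recent[key] = hits
        cats = {h[1] for h in hits}
        if len(cats) >= min_categories and key not in alerts:
            alerts[key] = {"first_seen": hits[0][0], "first_parent": hits[0][3],
                           "categories": sorted(cats), "commands": [h[2] for h in hits]}
    return alerts

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

A single `ipconfig` or `netstat` from an administrator or service account does not alert. Only the combination of categories in a short window does, and the recorded parent process shows whether the burst began under a document viewer.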

🛠️ Tool Check

SNMP Monitoring Tools for Network Visibility

SNMP continues to serve as the backbone of device monitoring, asset discovery, and network health tracking. According to Comparitech’s recent review, top tools include:

  • Domotz: A cloud-based network management system that uses SNMP for device discovery and real-time status monitoring. 

  • SuperOps: An RMM platform add-on that supports SNMP and ICMP monitoring for various network devices. 

  • ManageEngine OpManager: A feature-rich SNMP-based monitoring solution with an intuitive dashboard for tracking device health and performance. 

  • Site24x7: An all-in-one IT infrastructure and application monitoring tool that leverages SNMP for detailed network performance analysis.

  • N-able N-sight: A cloud-based remote monitoring and management tool that uses SNMP to track network device uptime and performance across distributed environments.

🗣️ Community Signal

“A huge challenge for cyber professionals is that cyber security is perceived as a necessary evil, or a compliance function. And a board can be useful in driving the company's agenda so that cyber security is seen as an enabler of everything the organisation does, and not just a reaction to a breach.”

Jacqueline de Rojas, President of Tech UK and the President of Digital Leaders

Until Friday’s edition - Let’s keep that zero-day count at zero!