Lantronix XPort Missing Authentication Vulnerability Allowing Disruption of Fuel Monitoring Operations
Vulnerability
A vulnerability exists in the Lantronix XPort device, specifically in versions 6.5.0.7 through 7.0.0.3. This vulnerability allows attackers to gain unauthorized access to the device's configuration interface, where they can modify or disable critical settings. Such actions could disrupt fuel monitoring and supply chain operations, potentially leading to safety hazards in the storage and transportation of fuel. The vulnerability arises from missing authentication for critical functions, allowing unauthorized changes that could disable automated tank gauge (ATG) monitoring.
Impact
Exploitation of this vulnerability could result in unauthorized modifications to device settings, disrupting fuel monitoring and supply chain operations. This disruption could create safety risks in fuel storage and transportation by disabling critical monitoring systems.
Remediation
Lantronix has released a firmware update to version 8.0.0.0 for the XPort device, which addresses this vulnerability by enhancing security and preventing unauthorized access. Users are encouraged to upgrade to the latest version and, for greater protection, consider switching to the XPort Edge product, which is immune to these vulnerabilities.
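To find devices that still need the upgrade, the version ranges above can be checked against an asset inventory. The following is an added example, not code from Lantronix or from this advisory; the CSV layout, hostnames and sample versions are constructed, and versions outside the ranges named above are reported as not listed rather than guessed.

```python
import csv
import io

# Ranges taken from the advisory text above.
AFFECTED_MIN = (6, 5, 0, 7)
AFFECTED_MAX = (7, 0, 0, 3)
FIXED_MIN = (8, 0, 0, 0)

def parse_version(text):
    """Parse a four-part dotted firmware version such as '6.10.0.1'.
    Returns a tuple of ints, or None if the string is not in that form."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map a firmware string to affected / fixed / not-listed / unparseable."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    # Tuple comparison is numeric per field, so 6.10.x sorts above 6.5.x.
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_MIN:
        return "fixed"
    # Below 6.5.0.7, or between 7.0.0.3 and 8.0.0.0: the advisory is silent.
    return "not-listed"

def triage(inventory_csv):
    """Group (host, firmware) pairs by status for a CSV with columns host,firmware."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["firmware"])
        result.setdefault(status, []).append((row["host"], row["firmware"]))
    return result

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = """host,firmware
atg-gw-01,6.5.0.7
atg-gw-02,6.10.0.1
atg-gw-03,7.0.0.3
atg-gw-04,7.0.0.4
atg-gw-05,8.0.0.0
atg-gw-06,unknown
"""

if __name__ == "__main__":
    for status, devices in sorted(triage(SAMPLE_INVENTORY).items()):
        for host, fw in devices:
            print(f"{status:12} {host} {fw}")
```

Devices reported as `not-listed` or `unparseable` need manual follow-up against the vendor's information, since this advisory does not state their status.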
