Veeder-Root TLS4B Automatic Tank Gauge System Unix Time Handling Vulnerability Leading to Denial-of-Service
Vulnerability
A vulnerability exists in the Veeder-Root TLS4B Automatic Tank Gauge (ATG) system, specifically in versions prior to 11.A, due to improper management of Unix time values that could disrupt system operations after the 2038 epoch rollover. When the system clock hits January 19, 2038, it incorrectly resets to December 13, 1901, causing authentication issues and interfering with essential functions like login access, history visibility, and leak detection termination. This flaw could enable an attacker to manipulate the system time, creating a denial-of-service condition that results in administrative lockout, operational timer failures, and damaged log entries.
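The rollover described above, worked through as an added example (not Veeder-Root code and not part of the advisory). It assumes a signed 32-bit seconds counter as the clock model; `tick32`, `clock_plausible`, `first_regression` and the 2020 floor are hypothetical names and values chosen here. It shows the wrap dates and two defender-side checks: rejecting an implausible clock reading and locating the first out-of-order log timestamp.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Advance a clock held in a signed 32-bit seconds counter. This models a
   32-bit time_t (an assumption; it is not the TLS4B firmware). */
static int32_t tick32(int32_t now)
{
    return now == INT32_MAX ? INT32_MIN : now + 1;
}

/* Render seconds since 1970-01-01 UTC; returns the length written, 0 on failure. */
static int fmt_utc(int64_t secs, char *buf, size_t len)
{
    time_t t = (time_t)secs;
    struct tm *tm = gmtime(&t);
    return tm ? (int)strftime(buf, len, "%Y-%m-%d %H:%M:%S", tm) : 0;
}

/* Guard: a reading earlier than a trusted floor cannot be real. FLOOR_2020 is
   a constructed value standing in for something like a firmware build date. */
#define FLOOR_2020 INT64_C(1577836800) /* 2020-01-01 00:00:00 UTC */
static int clock_plausible(int64_t now)
{
    return now >= FLOOR_2020;
}

/* Index of the first record stamped earlier than its predecessor, or -1. */
static long first_regression(const int64_t *ts, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (ts[i] < ts[i - 1])
            return (long)i;
    return -1;
}

int main(void)
{
    char before[32], after[32];
    int32_t last = INT32_MAX, next = tick32(last);
    /* Constructed log timestamps spanning the rollover. */
    int64_t log_ts[] = { last - 1, last, next, (int64_t)next + 1 };

    fmt_utc(last, before, sizeof before);
    fmt_utc(next, after, sizeof after);
    printf("%s UTC -> %s UTC\n", before, after);
    printf("clock plausible after wrap: %d\n", clock_plausible(next));
    printf("first out-of-order log record: %ld\n", first_regression(log_ts, 4));
    return 0;
}
```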
Impact
Exploitation of this vulnerability could lead to a denial-of-service condition, causing administrative lockout, disrupting operational timers, and corrupting log entries.
Remediation
Veeder-Root is aware of this vulnerability and plans to release a fix. In the meantime, users should follow the network security best practices recommended by Veeder-Root, such as minimizing network exposure for control system devices, using firewalls to isolate control system networks from business networks, and employing secure remote access methods like VPNs. For additional assistance, users can contact Veeder-Root Technical Support at +1.800.323.1799.
