Apply Now to Attend Nexus Conference 2025
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts
pedro-umbelino.jpg
Industrial
Operational Resilience
Operational Technology
Vulnerability Management

Nexus Podcast: Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

Michael Mimoso
/
Jul 2, 2025

Subscribe and listen to the Nexus podcast on your favorite platform.

Industrial control systems can find themselves in the darndest places, and have the most important jobs imaginable when it comes to environmental protection, a company’s financial health, or its compliance with regulatory mandates. 

Automatic Tank Gauge (ATG) systems are one such ICS. These devices have sets of sensors that measure and record fuel levels, condensation, temperature, and volume in storage tanks. They are critical because they can be used to monitor for leaks, and can trigger alerts, sirens, perform emergency shutoff procedures, or allow for ventilation if necessary. ATG devices are commonplace inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. 

In this episode of the Nexus Podcast, Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. 

The vulnerabilities uncovered by Pedro and his team, particularly in the ATG protocol, range from authentication bypass flaws and privilege escalation, to command and SQL injection attacks. All of the vulnerabilities could allow an attacker to gain full administrator privileges of the device application managing these ATGs, as well as access to the full operating system. 

The vulnerabilities may expose thousands of these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage. Worse yet is that these systems are old and challenging to update. Umbelino said that more than 9,000 are reachable online. 

Umbelino explained that research into the protocol isn’t new, and previous vulnerabilities have been found that cannot be fixed without an overhaul of the core specification itself. 

“It’s a legacy protocol, but it’s still being used [on new devices]. Most devices that are new have that option of either by default or have the ability to turn on that protocol because there are many solutions that are out there from integrators that they need to be able to pull data from these ATGs using that protocol,” he explained. “They don’t have another solution, so that’s probably why it’s still being maintained.” 

Throughout the discussion, Umbelino discusses: 

  • Some details on the vulnerabilities

  • The disclosure process with the respective vendors

  • The potential impact from successful exploits, including environmental and other physical damage

  • The challenges in fixing these issues in the field

Industrial
Operational Resilience
Operational Technology
Vulnerability Management
Michael Mimoso
Editorial Director

Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.

Stay in the know Get the Nexus Connect Newsletter
Subscribe
Listen on Apple Podcasts. Listen on Spotify Podcasts.
Share
LinkedIn Twitter Facebook Email
Featured Articles
Considerations for Medical Device Vulnerability Remediation Technical Debt in OT Environments: How It's Different and Why it Matters The Purdue Model's Risky Blindspot
Featured Videos
Browse by Topics
Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust
You might also like… Read more
gentry_lane_hi-res_portrait.jpg
Cyber Resilience
Risk Management
Industrial
Healthcare

Nexus Podcast: Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

Michael Mimoso
steven-sim-ot-isac.jpeg
Operational Technology
Operational Resilience
Cyber Resilience
Vulnerability Management

Nexus Podcast: Steven Sim on OT-ISAC and Cybersecurity Information Sharing

Michael Mimoso
Sarah Fluchs revisits the progress and adoption of the Top 20 Secure PLC Coding Practices list.
Cyber Resilience
Risk Management
Vulnerability Management

Nexus Podcast Episode 100: Sarah Fluchs on the Cyber Resilience Act

Michael Mimoso
new_nexus_podcast.png
Healthcare
Industrial
Operational Technology
Internet of Things
Risk Management

Looking Back at 100 Episodes of the Nexus Podcast

Michael Mimoso
nexus_andrew-ohrt.png
Cyber Resilience
Operational Resilience
Operational Technology
Industrial
Risk Management

Nexus Podcast: Andrew Ohrt on Starting Cyber-Informed Engineering Projects

Michael Mimoso
megan-stifel.png
Federal
Cyber Resilience
Ransomware
Operational Resilience

Nexus Podcast: Megan Stifel on the Impact of the Ransomware Task Force

Michael Mimoso
Joe Slowik, threat intelligence and detections lead at Gigamon, joins the Nexus podcast to discuss a Virus Bulletin paper and presentation he gave recently on XENOTIME.
Federal
Risk Management
Cyber Resilience
Operational Resilience

Nexus Podcast: Joe Slowik on Identifying Truly ‘Critical’ Infrastructure

Michael Mimoso
danielle-jablanski.png
Cyber Resilience
Operational Resilience
Operational Technology
Risk Management
Federal

Nexus Podcast: Danielle Jablanski on Critical Infrastructure Protection

Michael Mimoso
cassie-crossley.jpeg
Federal
Cyber Resilience
Operational Resilience
Vulnerability Management
Risk Management

Nexus Podcast: Cassie Crossley on Hardware Security, HBOMs

Michael Mimoso
On this episode of the Nexus Podcast, Rapid7 Senior Director of Threat Analytics Christiaan Beek explores the economics of ransomware and the continued profitability and success of it as an attack vector.
Ransomware
Cyber Resilience
Risk Management

Nexus Podcast: Christiaan Beek on Ransomware’s Continued Profitability

Michael Mimoso
florence-hudson-picture_edit.jpg
Healthcare
Internet of Things
Risk Management
Cyber Resilience

Nexus Podcast: Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard

Michael Mimoso
On this episode of the Claroty Nexus Podcast, Mike Holcomb, global lead for ICS and OT cybersecurity at engineering and construction solution provider Fluor, discusses his advocacy and efforts to educate engineers and IT cybersecurity professionals in the nuances of protecting operational technology and industrial control systems.
Operational Technology
Operational Resilience
Vulnerability Management
Industrial

Nexus Podcast: Mike Holcomb on Starting and Succeeding in OT Cybersecurity

Michael Mimoso
Latest on Nexus Podcast
See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
gentry_lane_hi-res_portrait.jpg
Cyber Resilience
Risk Management
Industrial
Healthcare

Nexus Podcast: Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict
steven-sim-ot-isac.jpeg
Operational Technology
Operational Resilience
Cyber Resilience
Vulnerability Management

Nexus Podcast: Steven Sim on OT-ISAC and Cybersecurity Information Sharing
Sarah Fluchs revisits the progress and adoption of the Top 20 Secure PLC Coding Practices list.
Cyber Resilience
Risk Management
Vulnerability Management

Nexus Podcast Episode 100: Sarah Fluchs on the Cyber Resilience Act