CVE 9.4 CRITICAL

Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System_CVE-2025-58428

October 23, 2025 invoker category_cve

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote command execution, full shell access, and potential lateral movement within the network.

AI Analysis

Remote command execution vulnerability in Veeder-Root TLS4B Automatic Tank Gauge System

Basic Information

ID CVE-2025-58428

Source icscert

Published Oct 23, 2025 at 19:49

Modified Oct 23, 2025 at 20:29

Affected Product

Vendor Veeder-Root

Product TLS4B Automatic Tank Gauge System

Affected Versions Veeder-Root TLS4B Automatic Tank Gauge System 0

CWE Classification

CWE-77

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Veeder-Root

Product TLS4B Automatic Tank Gauge System

References

{
    "lastseen": "",
    "description": "The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote command execution, full shell access, and potential lateral movement within the network.",
    "published": "2025-10-23T19:49:23.232Z",
    "modified": "2025-10-23T20:29:27.332Z",
    "type": "cve",
    "title": "Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-03\nhttps://www.veeder.com/us/software-downloads\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-03.json\nhttps://www.veeder.com/us/network-security-reminder",
    "id": "CVE-2025-58428",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Veeder-Root TLS4B Automatic Tank Gauge System 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TLS4B Automatic Tank Gauge System",
    "version": "0",
    "vendor": "Veeder-Root",
    "ai_description": "Remote command execution vulnerability in Veeder-Root TLS4B Automatic Tank Gauge System",
    "ai_severity": "Critical",
    "ai_vendor": "Veeder-Root",
    "ai_product": "TLS4B Automatic Tank Gauge System",
    "ai_version": "0",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply