- Rename Tank Information: On consoles using Telnet, hackers find the MAC address, determine whether it is a TLS-350 or TLS-450PLUS and simply change the tank names to something inappropriate.
- Resize Tanks (From 10K to 20K Tanks): It is possible to change the tank size so it appears the tank can hold more than it really can. The thresholds could also be changed so that overflow alarms appear at a higher level. The potential would be to overfill the tank causing an environmental leak.
- Shutdown Dispensing (PLLD and Relay Settings): The relays could be deprogrammed so that the pump wouldn’t be activated on a hook signal. Additionally, PLLD could be turned off so catastrophic leaks may not be detected.
- Capture Sensitive Corporate Data: By monitoring a Telnet connections, an observer can begin to understand details about the corporate operations and delivery, inventory, alarm and other data.
- Shutdown IP cards / Networking Services: A company could be hacked and their TLS-350 ethernet cards shutdown. The hackers may exploit various corporate network vulnerabilities and gained access to the Ethernet cards that weren’t configured with passwords. Management system would not have access and may not warn on low full. This could happen in critical situations (hospitals, emergency providers, rental agencies, etc.).
- Loss of Compliance Data: Reprograming the console could result in the loss of compliance data resulting in potential fines.
New methods of attacking equipment are discovered daily.
These are collected in a national database (CVE) and made available to the public to address the issues. Software suppliers, including Veeder-Root, use this information to create fixes. As fixes are made available, equipment should be upgraded to protect it from potential security vulnerabilities. Veeder-Root uses two platforms daily to discover any new vulnerabilities in our TLS-450PLUS software.