HD Moore from Rapid7 recently disclosed that over 5800 Automated Tank Gauges at gas stations around the world were publicly accessible. Anyone connected to the internet can now view the in-tank inventories of the gas stations and manage the gas tanks.
The process to access the gauges is simple:
1. Telnet into port 10001 of an ATG’s IP.
2. Type ^A (Ctrl A) followed by I20100. This command outputs a basic report.
There are over 600 commands that can be executed, some of which include setting alarm thresholds, editing sensor configurations, and running tank tests. You can view them all in the vendor manual.
A list of affected IP’s can be found on Shodan.
Is there any other way to get the same information using another method than via telnet?
nmap –script atg-info -p 10001 –script-args command=I20200 <HOST>
#Using –script-args command=I20200 you will be able to pull a diffrent report than the I20100.