Franklin Fueling Systems TS-550
Plan Patch · 8.3 · ICS-CERT ICSA-23-306-04 · Nov 2, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in Franklin Fueling Systems TS-550 fuel management controller versions prior to 1.9.23.8960 allows unauthenticated remote access. An attacker with network access can connect to the device without credentials and gain administrative privileges, potentially enabling modification of fuel dispenser settings, transaction data tampering, or operational disruption. The vulnerability is classified as CWE-916 (Use of Password Hash With Insufficient Computational Effort).
What this means
What could happen
An attacker with network access to a TS-550 device could gain unauthenticated administrative access, allowing them to modify fuel dispenser configurations, alter transaction records, or disrupt fuel distribution operations.
Who's at risk
Fuel station operators and convenience store chains using Franklin Fueling Systems TS-550 controllers should prioritize this fix. The TS-550 manages fuel dispensers and transaction processing, making it critical to the fuel supply chain and point-of-sale operations.
How it could be exploited
An attacker on a network that can reach the TS-550 connects directly to the device without credentials and exploits the authentication bypass flaw to gain admin access. This could occur if the device is exposed to the internet or accessible from an unsecured network segment.
Prerequisites
- Network access to TS-550 device (from internet or accessible network)
- No authentication credentials required
Remotely exploitable · No authentication required · Low attack complexity · Affects revenue-critical operations · Affects fuel distribution
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
TS-550: <1.9.23.8960 | <1.9.23.8960 | 1.9.23.8960
Remediation & Mitigation
Do now
HARDENING: Isolate TS-550 device behind a firewall and restrict network access to authorized personnel only; do not expose to the internet
WORKAROUND: If remote access to TS-550 is required, enforce VPN connections with strong authentication and keep VPN software updated
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update TS-550 firmware to version 1.9.23.8960 or later
Long-term hardening
HARDENING: Implement network segmentation to separate the fueling system network from the business/corporate network
CVEs (1)