OTPulse

Franklin Fueling Systems TS-550 EVO

Plan Patch · CVSS 7.5 · ICS-CERT ICSA-24-268-03 · Sep 24, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A path traversal vulnerability (CWE-36) in Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 allows unauthenticated remote attackers to gain administrative access to the fueling system controller. Successful exploitation enables an attacker to execute administrative commands and modify system settings, affecting fuel dispensing logic, inventory records, pricing, and station operations.

What this means
What could happen
An attacker could gain administrative access to the TS-550 EVO fueling system controller, allowing them to modify fuel dispensing logic, pricing, inventory records, or prevent fuel sales operations entirely.
Who's at risk
Fuel retailers and fuel station operators using Franklin Fueling Systems TS-550 EVO controllers for pump management, inventory tracking, and transaction processing. This affects any site relying on the TS-550 EVO for point-of-sale and fueling operations.
How it could be exploited
An attacker with network access to the TS-550 EVO can send a specially crafted request that exploits a path traversal flaw (CWE-36) to bypass authentication checks and obtain administrative credentials or tokens without requiring valid credentials.
Prerequisites
  • Network access to the TS-550 EVO device (direct or through an exposed management interface)
  • No authentication credentials required for exploitation
Remotely exploitable · No authentication required · Low complexity exploitation · Affects fuel dispensing and transaction systems · No patch currently available
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product     | Affected Versions | Fix Status
TS-550 EVO  | <2.26.4.8967      | 2.26.4.8967
Remediation & Mitigation
Do now
HARDENING: Isolate the TS-550 EVO and all fueling control network segments behind firewalls, restricting all inbound access from business networks and the internet
WORKAROUND: Disable or restrict network management interfaces on the TS-550 EVO; limit administrative access to physically local connections only, if operationally feasible
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update TS-550 EVO firmware to version 2.26.4.8967 or later
Long-term hardening
HARDENING: Implement network segmentation to separate fueling system controllers from point-of-sale systems and customer-facing networks
HARDENING: If remote access to the TS-550 EVO is required, use a VPN with current patches and strong authentication; ensure the VPN gateway itself is hardened and monitored
Franklin Fueling Systems TS-550 EVO | CVSS 7.5 - OTPulse