OTPulse
FeedAboutContact

Assured Telematics Inc (ATI) Fleet Management System (Update A)

Plan Patch7.5ICS-CERT ICSA-25-140-11May 20, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Assured Telematics Inc (ATI) Fleet Management System versions before February 6th, 2025 contain a CWE-497 (Exposure of Sensitive Information to an Unauthorized Actor) vulnerability. Successful exploitation allows an attacker to read sensitive files from the system without authentication, potentially including administrative credentials or system configuration data. Assured Telematics reports the exposure has been fixed in versions released after February 6th, 2025.

What this means
What could happen
An attacker could read sensitive files on the Fleet Management System and potentially obtain administrative credentials, compromising access control to fleet operations and vehicle telematics data.
Who's at risk
Fleet management operators and utilities that use Assured Telematics Inc (ATI) Fleet Management System for vehicle tracking, maintenance scheduling, and telematics data. This affects organizations in transportation, public works, and municipal services that rely on this system for operational visibility.
How it could be exploited
An attacker on the network sends requests to the Fleet Management System to retrieve sensitive file system information without authentication. If successful, credentials or configuration data stored in those files can be used to gain administrative access to the system.
Prerequisites
  • Network access to the Fleet Management System on the affected version (before February 6th, 2025)
  • No credentials required
Remotely exploitableNo authentication requiredLow attack complexityNo patch available (advisory issued before fix release)Sensitive credential exposure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
ProductAffected VersionsFix Status
Fleet Management System: <February_6th_2025<February 6th 2025February 6th, 2025 or later
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGIsolate the Fleet Management System behind a firewall and restrict network access to authorized administrative workstations only
HARDENINGDisable internet-facing access to the Fleet Management System; require VPN with strong authentication for any remote management
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Assured Telematics for information about patched versions after February 6th, 2025 and deploy the fix in a scheduled maintenance window
Long-term hardening
0/1
HARDENINGMonitor for suspicious file read requests or anomalous access patterns to the Fleet Management System
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1c5b1e11-9056-4ce4-9b62-e2be52d9a57f