CVE-2025-58428
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-10-27

Assigner: ICS-CERT

Description
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote command execution, full shell access, and potential lateral movement within the network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58428
EUVD
EUVD-2025-35717
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
veeder-root tls4b_automatic_tank_gauge *
veeder-root tls4_series_atg *
veeder-root tls4b_automatic_tank_gauge 11.a
veeder-root tls-3xx_series_atg *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the TLS4B ATG system is a command injection flaw in its SOAP-based web services interface. It allows remote attackers who have valid credentials to execute system-level commands on the underlying Linux operating system. This means an attacker can gain full shell access and potentially move laterally within the network, compromising the system and connected devices. [3]

Impact Analysis

This vulnerability can lead to full system compromise, including remote command execution and full shell access. Attackers can disrupt core functionalities, cause denial of service, lock out administrators, and move laterally within the network, potentially affecting other connected systems and critical infrastructure. [3]

Mitigation Strategies

Immediate steps to mitigate CVE-2025-58428 include upgrading the TLS4B ATG system to version 11.A as recommended by Veeder-Root. Additionally, implement network security best practices such as isolating control networks behind firewalls, minimizing network exposure of control system devices, using secure remote access methods like updated VPNs, configuring separated network ports to isolate traffic, changing default network port numbers, and adding serial command security codes to harden remote access. For older systems, consider upgrading to newer models or adding additional network firewall equipment. Organizations should also perform impact analysis and risk assessments before deploying mitigations. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58428. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart