
Fuel station software vulnerable to hacking

US Homeland Security’s cybersecurity agency issued an advisory about a popular fuel station software that is highly vulnerable to hacking.



Author: PetrolPlaza Correspondent Pablo Plaza

The Cybersecurity and Infrastructure Security Agency (CISA) gave the Orpak SiteOmat software a vulnerability severity rating of 9.8 out of 10. CISA revealed that this app has several security vulnerabilities which require “low skill” to exploit, reports PYMNTS. Some of the flaws include “use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection and stack-based buffer overflow.”

Orpak SiteOmat software tracks the amount of fuel stored in a fuel station’s tanks, as well as temperature and pressure. The app also sets the price of the gas, and includes card payments. Although the user interface is password protected, CISA explained that the software also had a hard-coded password set by the manufacturer that could easily be hacked to gain access to the system configuration. Once in the system, anyone could access payment information or shut the system down entirely.

CISA also stated that the Orpak SiteOmat software presents other flaws that are potentially easy to exploit remotely, such as code injection and buffer overflow vulnerabilities.

“Successful exploitation of these vulnerabilities could result in arbitrary remote code execution, resulting in possible denial-of-service conditions and unauthorized access to view and edit monitoring, configuration and payment information”, explained CISA.

CISA noted that the bugs had been fixed by the company in a new software version, which users need to update to.
