CVE-2025-55067
Published 2025-10-23
Priority P3 · 40 · high · 7.1 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:H
EPSS: 0.43% (34.3th percentile)
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history visibility, and leak detection termination. This vulnerability could allow an attacker to manipulate the system time to trigger a denial of service (DoS) condition, leading to administrative lockout, operational timer failures, and corrupted log entries.
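The rollover described above, as an added example (not Veeder-Root code): a signed 32-bit seconds counter wraps from January 19, 2038 to December 13, 1901, and a deadline timer that was already due never fires on the wrapped clock. The page does not describe the device's internals, so the timer functions, the `clock_plausible` guard and `BUILD_EPOCH` are hypothetical; a host with 64-bit `time_t` is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define BUILD_EPOCH 1735689600LL /* constructed value: 2025-01-01 00:00:00 UTC */

/* Value a signed 32-bit seconds counter holds once the true time is `wide`. */
static int32_t to_time32(int64_t wide) { return (int32_t)(uint32_t)wide; }

/* Render seconds since 1970 as a UTC string (host time_t must be 64-bit). */
static const char *utc(int64_t secs, char *buf, size_t n) {
    time_t t = (time_t)secs;
    strftime(buf, n, "%Y-%m-%d %H:%M:%S", gmtime(&t));
    return buf;
}

/* Hypothetical deadline timer, evaluated on a 32-bit and on a 64-bit clock. */
static int expired32(int32_t now, int32_t deadline) { return now >= deadline; }
static int expired64(int64_t now, int64_t deadline) { return now >= deadline; }

/* Hypothetical guard: refuse a clock that predates the firmware build. */
static int clock_plausible(int64_t now) { return now >= BUILD_EPOCH; }

int main(void) {
    char a[32], b[32];
    int64_t last = INT32_MAX;      /* final second a 32-bit clock can hold */
    int64_t deadline = last - 10;  /* timer due 10 s before the rollover */
    int64_t now = last + 60;       /* true time one minute after it */
    int32_t now32 = to_time32(now);

    printf("last 32-bit second : %s\n", utc(last, a, sizeof a));
    printf("next tick reads as : %s\n", utc(to_time32(last + 1), b, sizeof b));
    printf("timer due, 64-bit  : %d\n", expired64(now, deadline));
    printf("timer due, 32-bit  : %d\n", expired32(now32, (int32_t)deadline));
    printf("wrapped clock ok?  : %d\n", clock_plausible(now32));
    return 0;
}
```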
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeder-root | tls4b_automatic_tank_gauge_system | < 11.A | 11.A |
CVSS provenance
nvd · v3.1 · 7.1 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
nvd · v4.0 · 7.1 · HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS
Veeder-Root TLS4B Automatic Tank Gauge System
cisa_ics·2025-10-23·CVSS 9.9
[CRITICAL] Veeder-Root TLS4B Automatic Tank Gauge System
ICS Advisory
## Veeder-Root TLS4B Automatic Tank Gauge System
Release Date: October 23, 2025
Alert Code: ICSA-25-296-03
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Veeder-Root
- Equipment: TLS4B Automatic Tank Gauge System
- Vulnerabilities: Improper Neutralization of Special Elements used in a Command ('Command Injection'), Integer Overflow or Wraparound
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow attackers to execute system-level commands, gain full shell access, achieve remote command execution, move laterally within the network, trigger a denial of service condi
GHSA
GHSA-prwc-ww33-6c67: The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover
ghsa_unreviewed·2025-10-23
CVE-2025-55067 [HIGH] CWE-190 GHSA-prwc-ww33-6c67: The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-10-23