Search criteria
7 vulnerabilities by Dover Fueling Solutions
CVE-2025-30519 (GCVE-0-2025-30519)
Vulnerability from cvelistv5 – Published: 2025-09-18 20:46 – Updated: 2025-09-19 13:05
VLAI?
Title
Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Weak Credentials
Summary
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard
administrative means. An attacker with network access to the device can
gain administrative access to the system.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dover Fueling Solutions | ProGauge MagLink LX 4 |
Affected:
0 , < 4.20.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:05:08.342046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:05:20.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices\u0026nbsp;have default root credentials that cannot be changed through standard \nadministrative means. An attacker with network access to the device can \ngain administrative access to the system."
}
],
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices\u00a0have default root credentials that cannot be changed through standard \nadministrative means. An attacker with network access to the device can \ngain administrative access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T20:46:42.642Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"
},
{
"url": "https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\u003c/p\u003e\n\u003cp\u003eDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html \u00a0.For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html \u00a0or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks."
}
],
"source": {
"advisory": "ICSA-25-261-07",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Weak Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-30519",
"datePublished": "2025-09-18T20:46:42.642Z",
"dateReserved": "2025-08-18T15:32:05.607Z",
"dateUpdated": "2025-09-19T13:05:20.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54807 (GCVE-0-2025-54807)
Vulnerability from cvelistv5 – Published: 2025-09-18 20:44 – Updated: 2025-09-19 13:06
VLAI?
Title
Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Hard-coded Cryptographic Key
Summary
The secret used for validating authentication tokens is hardcoded in
device firmware for affected versions. An attacker who obtains the
signing key can bypass authentication, gaining complete access to the
system.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dover Fueling Solutions | ProGauge MagLink LX 4 |
Affected:
0 , < 4.20.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:05:56.641781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:06:19.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem."
}
],
"value": "The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T20:44:04.094Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"
},
{
"url": "https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\u003c/p\u003e\n\u003cp\u003eDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html \u00a0.For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html \u00a0or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks."
}
],
"source": {
"advisory": "ICSA-25-261-07",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-54807",
"datePublished": "2025-09-18T20:44:04.094Z",
"dateReserved": "2025-08-18T15:32:05.596Z",
"dateUpdated": "2025-09-19T13:06:19.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55068 (GCVE-0-2025-55068)
Vulnerability from cvelistv5 – Published: 2025-09-18 20:42 – Updated: 2025-09-19 13:06
VLAI?
Title
Dover Fueling Solutions ProGauge MagLink LX4 Devices Integer Overflow or Wraparound
Summary
Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point.
An attacker can manually change the system time to exploit this
limitation, potentially causing errors in authentication and leading to a
denial-of-service condition.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dover Fueling Solutions | ProGauge MagLink LX 4 |
Affected:
0 , < 4.20.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:06:34.220442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:06:42.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point.\n An attacker can manually change the system time to exploit this \nlimitation, potentially causing errors in authentication and leading to a\n denial-of-service condition."
}
],
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point.\n An attacker can manually change the system time to exploit this \nlimitation, potentially causing errors in authentication and leading to a\n denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T20:42:29.547Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"
},
{
"url": "https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\u003c/p\u003e\n\u003cp\u003eDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html \u00a0.For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html \u00a0or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks."
}
],
"source": {
"advisory": "ICSA-25-261-07",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX4 Devices Integer Overflow or Wraparound",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-55068",
"datePublished": "2025-09-18T20:42:29.547Z",
"dateReserved": "2025-08-18T15:32:05.574Z",
"dateUpdated": "2025-09-19T13:06:42.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5310 (GCVE-0-2025-5310)
Vulnerability from cvelistv5 – Published: 2025-06-27 17:22 – Updated: 2025-06-27 17:41
VLAI?
Title
Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
Summary
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dover Fueling Solutions | ProGauge MagLink LX 4 |
Affected:
0 , < 4.20.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Souvik Kandar of Microsec reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T17:41:36.119969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:41:45.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar of Microsec reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions ProGauge MagLink LX Consoles\u0026nbsp;expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution."
}
],
"value": "Dover Fueling Solutions ProGauge MagLink LX Consoles\u00a0expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:22:02.680Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05"
},
{
"url": "https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx?OR=Teams%2DHL\u0026CT=1736953471669\u0026id=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017%2FVU%23285756%20%2D%20Dover%20Fueling%20Solutions%20ProGauge%20MAGLINK%20%2D%20Notice%20%28Draft%29%2Ehtml\u0026viewid=243fd1ea%2Da122%2D4cc0%2Dbe91%2Dd0714ca46b87\u0026parent=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx?OR=Teams%2DHL\u0026amp;CT=1736953471669\u0026amp;id=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017%2FVU%23285756%20%2D%20Dover%20Fueling%20Solutions%20ProGauge%20MAGLINK%20%2D%20Notice%20%28Draft%29%2Ehtml\u0026amp;viewid=243fd1ea%2Da122%2D4cc0%2Dbe91%2Dd0714ca46b87\u0026amp;parent=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017\"\u003ewebsite\u003c/a\u003e.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx?OR=Teams%2DHL\u0026amp;CT=1736953471669\u0026amp;id=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017%2FVU%23285756%20%2D%20Dover%20Fueling%20Solutions%20ProGauge%20MAGLINK%20%2D%20Notice%20%28Draft%29%2Ehtml\u0026amp;viewid=243fd1ea%2Da122%2D4cc0%2Dbe91%2Dd0714ca46b87\u0026amp;parent=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx .For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx \u00a0or later."
}
],
"source": {
"advisory": "ICSA-25-168-05",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-5310",
"datePublished": "2025-06-27T17:22:02.680Z",
"dateReserved": "2025-05-28T21:03:37.200Z",
"dateUpdated": "2025-06-27T17:41:45.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36497 (GCVE-0-2023-36497)
Vulnerability from cvelistv5 – Published: 2023-09-11 19:36 – Updated: 2025-01-16 21:29
VLAI?
Title
Dover Fueling Solutions MAGLINK LX Web Console Authentication Bypass by Primary Weakness
Summary
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3
could allow a guest user to elevate to admin privileges.
Severity ?
8.8 (High)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dover Fueling Solutions | MAGLINK LX Web Console Configuration |
Affected:
2.5.1
Affected: 2.5.2 Affected: 2.5.3 Affected: 2.6.1 Affected: 2.11 Affected: 3.0 Affected: 3.2 Affected: 3.3 |
Credits
Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:57.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:25.054838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:29:58.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MAGLINK LX Web Console Configuration",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"status": "affected",
"version": "2.5.1"
},
{
"status": "affected",
"version": "2.5.2"
},
{
"status": "affected",
"version": "2.5.3"
},
{
"status": "affected",
"version": "2.6.1"
},
{
"status": "affected",
"version": "2.11"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"
}
],
"datePublic": "2023-09-07T18:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a guest user to elevate to admin privileges\u003c/span\u003e."
}
],
"value": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\ncould allow a guest user to elevate to admin privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T16:31:42.756Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\u003cbr\u003e"
}
],
"value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions MAGLINK LX Web Console Authentication Bypass by Primary Weakness",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-36497",
"datePublished": "2023-09-11T19:36:26.795Z",
"dateReserved": "2023-09-01T20:57:37.407Z",
"dateUpdated": "2025-01-16T21:29:58.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38256 (GCVE-0-2023-38256)
Vulnerability from cvelistv5 – Published: 2023-09-11 19:34 – Updated: 2025-01-16 21:30
VLAI?
Title
Dover Fueling Solutions MAGLINK LX Console Path Traversal
Summary
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3
vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.
Severity ?
6.8 (Medium)
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dover Fueling Solutions | MAGLINK LX Web Console Configuration |
Affected:
2.5.1
Affected: 2.5.2 Affected: 2.5.3 Affected: 2.6.1 Affected: 2.11 Affected: 3.0 Affected: 3.2 Affected: 3.3 |
Credits
Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:19:09.343199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:30:07.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MAGLINK LX Web Console Configuration",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"status": "affected",
"version": "2.5.1"
},
{
"status": "affected",
"version": "2.5.2"
},
{
"status": "affected",
"version": "2.5.3"
},
{
"status": "affected",
"version": "2.6.1"
},
{
"status": "affected",
"version": "2.11"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"
}
],
"datePublic": "2023-09-07T18:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.\u003c/span\u003e\n\n"
}
],
"value": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\nvulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T19:34:11.246Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\u003cbr\u003e"
}
],
"value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions MAGLINK LX Console Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-38256",
"datePublished": "2023-09-11T19:34:11.246Z",
"dateReserved": "2023-09-01T20:57:37.393Z",
"dateUpdated": "2025-01-16T21:30:07.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41256 (GCVE-0-2023-41256)
Vulnerability from cvelistv5 – Published: 2023-09-11 18:55 – Updated: 2025-01-16 21:30
VLAI?
Title
Dover Fueling Solutions MAGLINK LX Console Authentication Bypass
Summary
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.
Severity ?
9.1 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dover Fueling Solutions | MAGLINK LX Web Console Configuration |
Affected:
2.5.1
Affected: 2.5.2 Affected: 2.5.3 Affected: 2.6.1 Affected: 2.11 Affected: 3.0 Affected: 3.2 Affected: 3.3 |
Credits
Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:59.719159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:30:15.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MAGLINK LX Web Console Configuration",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"status": "affected",
"version": "2.5.1"
},
{
"status": "affected",
"version": "2.5.2"
},
{
"status": "affected",
"version": "2.5.3"
},
{
"status": "affected",
"version": "2.6.1"
},
{
"status": "affected",
"version": "2.11"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"
}
],
"datePublic": "2023-09-07T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\u003c/span\u003e\n\n"
}
],
"value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:55:05.231Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions MAGLINK LX Console Authentication Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-41256",
"datePublished": "2023-09-11T18:55:05.231Z",
"dateReserved": "2023-09-01T20:57:37.402Z",
"dateUpdated": "2025-01-16T21:30:15.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}