cve-2023-41256
Vulnerability from cvelistv5
Published
2023-09-11 18:55
Modified
2024-08-02 18:54
Severity ?
Summary
Dover Fueling Solutions MAGLINK LX Console Authentication Bypass
References
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01Third Party Advisory, US Government Resource
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:54:04.641Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MAGLINK LX Web Console Configuration",
          "vendor": "Dover Fueling Solutions",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.1"
            },
            {
              "status": "affected",
              "version": "2.5.2"
            },
            {
              "status": "affected",
              "version": "2.5.3"
            },
            {
              "status": "affected",
              "version": "2.6.1"
            },
            {
              "status": "affected",
              "version": "2.11"
            },
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "3.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"
        }
      ],
      "datePublic": "2023-09-07T17:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-11T18:55:05.231Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Dover Fueling Solutions MAGLINK LX Console Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-41256",
    "datePublished": "2023-09-11T18:55:05.231Z",
    "dateReserved": "2023-09-01T20:57:37.402Z",
    "dateUpdated": "2024-08-02T18:54:04.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-41256\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-09-11T19:15:43.987\",\"lastModified\":\"2023-09-15T17:38:24.403\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Las versiones de configuraci\u00f3n de la consola web MAGLINK LX de Dover Fueling Solutions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2 y 3.3 son vulnerables a la omisi\u00f3n de autenticaci\u00f3n que podr\u00eda permitir que un atacante no autorizado obtenga acceso de usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C3C3D27-24CD-43C8-BE87-BDD72B25C767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D7C82DE-6F4D-4143-B0E9-D9ACD9C12AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97DE034A-BDA6-4B51-A4CC-A680635949F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D2E3F6F-8929-4323-B0E6-97A24A2EE708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"384A423B-2C17-43D4-991E-1A0324329147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6565920-179C-42BF-9AF2-1CE627ECD3F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84206322-6805-40D5-BC95-254D669E644D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7737DE0-8334-49C2-A44F-9F47E0BE2438\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766A65BA-C796-482B-A74B-BCE28D200AB9\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.