Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| ics-cert@hq.dhs.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.1 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.2 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.11 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.0 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.3 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.6.1 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.2 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.3 |
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | 2.3 | 4.0 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.1 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.2 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.11 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.0 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.3 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.6.1 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.2 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.3 |
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
| ics-cert@hq.dhs.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.1 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.2 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.11 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.0 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.3 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.6.1 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 2.5.2 |
| doverfuelingsolutions | maglink_lx_web_console_configuration | 3.3 |
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | * |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | * |
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| ics-cert@hq.dhs.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | * |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | * |
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | * |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | * |
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | * |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | * |
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | * |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | * |
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| ics-cert@hq.dhs.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | * |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | * |