CVE-2024-43692
Published 2024-09-25

CVE-2024-43692: An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
Priority P353 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.51% (39.7th percentile)
Affected (4 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dover_fueling_solutions | progauge_maglink_lx4_console | <= 4.17.9e | — |
| dover_fueling_solutions | progauge_maglink_lx_console | <= 3.4.2.2.6 | — |
| doverfuelingsolutions | progauge_maglink_lx4_console_firmware | <= 4.17.9e | — |
| doverfuelingsolutions | progauge_maglink_lx_console_firmware | <= 3.4.2.2.6 | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CISA ICS
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
cisa_ics·2024-09-24·CVSS 10.0
[CRITICAL] Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
ICS Advisory
## Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
Release Date: September 24, 2024
Alert Code: ICSA-24-268-04
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dover Fueling Solutions (DFS)
- Equipment: ProGauge MAGLINK LX CONSOLE
- Vulnerabilities: Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting, Authentication Bypass Using an Alternate Path or Channel
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote attacker to gain full control of the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Th
GHSA
GHSA-x4p5-53p5-3j33: An attacker can directly request the ProGauge MAGLINK LX CONSOLE
resource sub page with full privileges by requesting the URL directly
ghsa_unreviewed·2024-09-25
CVE-2024-43692 [CRITICAL] CWE-288 GHSA-x4p5-53p5-3j33: An attacker can directly request the ProGauge MAGLINK LX CONSOLE
resource sub page with full privileges by requesting the URL directly
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.