CVE-2024-8310
published 2024-09-27

CVE-2024-8310: OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.

Priority: P265 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.72% (49.3th percentile)

Affected (1 range)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opw_fuel_managements_systems | sitesentinel | < 17Q2.1 | 17Q2.1 |

Detection & IOCs (extracted from sources)

  • Target product is OPW Fuel Management Systems SiteSentinel running versions prior to 17Q2.1 — all such instances are vulnerable to authentication bypass granting full admin privileges remotely with no credentials required (CVSS 9.8/9.3)
  • Vulnerability class is Missing Authentication For Critical Function (CWE-306); monitor for unauthenticated requests reaching administrative endpoints on SiteSentinel servers exposed to the network
  • Attack vector is network-accessible with low complexity and no privileges or user interaction required — alert on any external/unauthenticated sessions that result in admin-level access on SiteSentinel
  • Only SiteSentinel versions prior to 17Q2.1 are confirmed vulnerable; versions newer than 17Q2.1 may also require verification with DFS to confirm fixes are included
  • Users with products distributed with versions newer than V17Q.2.1 should still confirm patch status with Dover Fueling Systems, as not all newer builds may contain the required fixes
  • No known public exploitation has been reported at time of advisory publication