CVE-2024-8310
Published 2024-09-27
CVE-2024-8310: OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
Priority: P265 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.72% (49.3th percentile)
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opw_fuel_managements_systems | sitesentinel | < 17Q2.1 | 17Q2.1 |
Detection & IOCs (extracted from sources)
- Target product is OPW Fuel Management Systems SiteSentinel running versions prior to 17Q2.1; all such instances are vulnerable to authentication bypass granting full admin privileges remotely with no credentials required (CVSS 9.8/9.3)
- Vulnerability class is Missing Authentication For Critical Function (CWE-306); monitor for unauthenticated requests reaching administrative endpoints on SiteSentinel servers exposed to the network
- Attack vector is network-accessible with low complexity and no privileges or user interaction required; alert on any external/unauthenticated sessions that result in admin-level access on SiteSentinel
- Only SiteSentinel versions prior to 17Q2.1 are confirmed vulnerable; versions newer than 17Q2.1 may also require verification with DFS to confirm fixes are included
- Users with products distributed with versions newer than V17Q.2.1 should still confirm patch status with Dover Fueling Systems, as not all newer builds may contain the required fixes
- No known public exploitation has been reported at time of advisory publication
GHSA
GHSA-42m7-33x8-mvrh: OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges
ghsa_unreviewed·2024-09-27
CVE-2024-8310 [CRITICAL] CWE-306 GHSA-42m7-33x8-mvrh: OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges
CISA ICS
OPW Fuel Management Systems SiteSentinel
cisa_ics·2024-09-24·CVSS 9.8
[CRITICAL] OPW Fuel Management Systems SiteSentinel
ICS Advisory
## OPW Fuel Management Systems SiteSentinel
Release Date: September 24, 2024
Alert Code: ICSA-24-268-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: OPW Fuel Management Systems
- Equipment: SiteSentinel
- Vulnerability: Missing Authentication For Critical Function
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to bypass authentication and obtain full administrative privileges to the server.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following OPW Fuel Management Systems products are affected:
- SiteSentinel: Versions prior to 17Q2.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.