CRITICAL🇵🇱 Wersja polska

CVE-2024-43693

CVSS 10.0v4.0pub. 2024-09-25upd. 2024-10-01

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.

🤖 AI Analysis
How it works

An attacker sends a specially crafted HTTP POST request to the UTILITY submenu in the ProGauge MAGLINK LX console interface. Input data contained in the request is not properly validated or sanitized, allowing injection and execution of arbitrary system commands (CWE-77). The attack does not require authentication, user interaction, or specific network conditions — only network access to the device is needed.

Impact

An attacker can execute arbitrary commands with the privileges of the process handling requests, which in practice may mean complete takeover of the device, manipulation of fuel measurement data, and potential impact on gas station infrastructure.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (CISA ICS Advisory ICSA-24-268-04). Additionally, it is recommended to restrict network access to the console interface through a firewall or OT/ICS network segmentation and isolate devices from the public Internet.

Who is affected

Dover Fueling Solutions ProGauge MAGLINK LX Console (firmware and console software) and ProGauge MAGLINK LX4 Console (firmware and console software) — specific versions indicated in manufacturer references (ICSA-24-268-04)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Doverfuelingsolutions Progauge Maglink Lx4 Console

    HW
    Doverfuelingsolutions
    wszystkie wersje
  • Doverfuelingsolutions Progauge Maglink Lx4 Console Firmware

    OS
    Doverfuelingsolutions
    ≤ 4.17.9e
  • Doverfuelingsolutions Progauge Maglink Lx Console

    HW
    Doverfuelingsolutions
    wszystkie wersje
  • Doverfuelingsolutions Progauge Maglink Lx Console Firmware

    OS
    Doverfuelingsolutions
    ≤ 3.4.2.2.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-43423CRITICAL9.3PL ✓ten sam produkt

Zakodowane na stałe hasło konta administratora w ProGauge MAGLINK LX/LX4 Console

CVE-2024-43692CRITICAL9.3PL ✓ten sam produkt

Pominięcie uwierzytelnienia w ProGauge MAGLINK LX Console

CVE-2024-45066CRITICAL10.0PL ✓ten sam produkt

Command injection w konsolach ProGauge MAGLINK LX/LX4 — zdalne wykonanie poleceń

CVE-2024-41725HIGH8.7ten sam produkt

ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages ...

CVE-2024-45373HIGH8.7ten sam produkt

Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.