CRITICAL🇵🇱 Wersja polska

CVE-2024-45066

CVSS 10.0v4.0pub. 2024-09-25upd. 2024-10-01

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.

🤖 AI Analysis
How it works

An attacker sends a specially crafted HTTP POST request to the IP configuration submenu in the web interface of the ProGauge MAGLINK LX console. Input data submitted in this request is not properly validated or filtered, allowing injection and execution of arbitrary system commands (CWE-77: Improper Neutralization of Special Elements used in a Command). The attack does not require account possession or any form of authentication, and its execution does not require user interaction.

Impact

Attackers gain the ability to remotely execute arbitrary commands on the device, which can lead to complete takeover of the console, manipulation of measurement data, and potential disruption of fuel station infrastructure operations.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references (CISA ICS Advisory ICSA-24-268-04). Additionally, it is recommended to restrict network access to the device management interface exclusively to trusted hosts and to isolate OT/ICS devices from the public Internet using firewalls or VLAN networks.

Who is affected

Dover Fueling Solutions ProGauge MAGLINK LX Console and ProGauge MAGLINK LX4 Console firmware and consoles — versions indicated in the manufacturer's references (ICS Advisory ICSA-24-268-04)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Doverfuelingsolutions Progauge Maglink Lx4 Console

    HW
    Doverfuelingsolutions
    wszystkie wersje
  • Doverfuelingsolutions Progauge Maglink Lx4 Console Firmware

    OS
    Doverfuelingsolutions
    ≤ 4.17.9e
  • Doverfuelingsolutions Progauge Maglink Lx Console

    HW
    Doverfuelingsolutions
    wszystkie wersje
  • Doverfuelingsolutions Progauge Maglink Lx Console Firmware

    OS
    Doverfuelingsolutions
    ≤ 3.4.2.2.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-43423CRITICAL9.3PL ✓ten sam produkt

Zakodowane na stałe hasło konta administratora w ProGauge MAGLINK LX/LX4 Console

CVE-2024-43692CRITICAL9.3PL ✓ten sam produkt

Pominięcie uwierzytelnienia w ProGauge MAGLINK LX Console

CVE-2024-43693CRITICAL10.0PL ✓ten sam produkt

Command injection w ProGauge MAGLINK LX Console — zdalne wykonanie poleceń

CVE-2024-41725HIGH8.7ten sam produkt

ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages ...

CVE-2024-45373HIGH8.7ten sam produkt

Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.