CVE-2023-38256 - Vulnerability Details - OpenCVE

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Doverfuelingsolutions	Maglink Lx 3 Maglink Lx Web Console Configuration

Configuration 1 [-]

AND

OR	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:::::::*

cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-09-11T19:34:11.246Z

Updated: 2024-08-02T17:39:12.064Z

Reserved: 2023-09-01T20:57:37.393Z

Link: CVE-2023-38256

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-09-11T20:15:09.307

Modified: 2024-11-21T08:13:11.827

Link: CVE-2023-38256

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38256", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-09-01T20:57:37.393Z", "datePublished": "2023-09-11T19:34:11.246Z", "dateUpdated": "2024-08-02T17:39:12.064Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MAGLINK LX Web Console Configuration", "vendor": "Dover Fueling Solutions", "versions": [{"status": "affected", "version": "2.5.1"}, {"status": "affected", "version": "2.5.2"}, {"status": "affected", "version": "2.5.3"}, {"status": "affected", "version": "2.6.1"}, {"status": "affected", "version": "2.11"}, {"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.2"}, {"status": "affected", "version": "3.3"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"}], "datePublic": "2023-09-07T18:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\n<span style=\"background-color: rgb(255, 255, 255);\">vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.</span>\n\n"}], "value": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\nvulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-09-11T19:34:11.246Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.<br>"}], "value": "In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Dover Fueling Solutions MAGLINK LX Console Path Traversal", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:12.064Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C3C3D27-24CD-43C8-BE87-BDD72B25C767", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D7C82DE-6F4D-4143-B0E9-D9ACD9C12AF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "97DE034A-BDA6-4B51-A4CC-A680635949F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D2E3F6F-8929-4323-B0E6-97A24A2EE708", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "384A423B-2C17-43D4-991E-1A0324329147", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6565920-179C-42BF-9AF2-1CE627ECD3F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "84206322-6805-40D5-BC95-254D669E644D", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7737DE0-8334-49C2-A44F-9F47E0BE2438", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "766A65BA-C796-482B-A74B-BCE28D200AB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\nvulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.\n\n"}, {"lang": "es", "value": "Dover Fueling Solutions MAGLINK LX Web Console Versiones de configuraci\u00f3n 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2 y 3.3 vulnerables a un ataque de path traversal, que podr\u00eda permitir a un atacante acceder a archivos almacenados en el sistema."}], "id": "CVE-2023-38256", "lastModified": "2024-11-21T08:13:11.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-11T20:15:09.307", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}