CVE-2023-41256 - OpenCVE

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Doverfuelingsolutions	Maglink Lx 3 Maglink Lx Web Console Configuration

Configuration 1 [-]

AND

OR	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:::::::*

cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-09-11T18:55:05.231Z

Updated: 2024-08-02T18:54:04.641Z

Reserved: 2023-09-01T20:57:37.402Z

Link: CVE-2023-41256

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-11T19:15:43.987

Modified: 2023-09-15T17:38:24.403

Link: CVE-2023-41256

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41256", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-09-01T20:57:37.402Z", "datePublished": "2023-09-11T18:55:05.231Z", "dateUpdated": "2024-08-02T18:54:04.641Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MAGLINK LX Web Console Configuration", "vendor": "Dover Fueling Solutions", "versions": [{"status": "affected", "version": "2.5.1"}, {"status": "affected", "version": "2.5.2"}, {"status": "affected", "version": "2.5.3"}, {"status": "affected", "version": "2.6.1"}, {"status": "affected", "version": "2.11"}, {"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.2"}, {"status": "affected", "version": "3.3"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"}], "datePublic": "2023-09-07T17:43:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.</span>\n\n"}], "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-09-11T18:55:05.231Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.</span>\n\n<br>"}], "value": "\nIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Dover Fueling Solutions MAGLINK LX Console Authentication Bypass", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:04.641Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C3C3D27-24CD-43C8-BE87-BDD72B25C767", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D7C82DE-6F4D-4143-B0E9-D9ACD9C12AF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "97DE034A-BDA6-4B51-A4CC-A680635949F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D2E3F6F-8929-4323-B0E6-97A24A2EE708", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "384A423B-2C17-43D4-991E-1A0324329147", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6565920-179C-42BF-9AF2-1CE627ECD3F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "84206322-6805-40D5-BC95-254D669E644D", "vulnerable": true}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7737DE0-8334-49C2-A44F-9F47E0BE2438", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "766A65BA-C796-482B-A74B-BCE28D200AB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"}, {"lang": "es", "value": "Las versiones de configuraci\u00f3n de la consola web MAGLINK LX de Dover Fueling Solutions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2 y 3.3 son vulnerables a la omisi\u00f3n de autenticaci\u00f3n que podr\u00eda permitir que un atacante no autorizado obtenga acceso de usuario."}], "id": "CVE-2023-41256", "lastModified": "2023-09-15T17:38:24.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-09-11T19:15:43.987", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}