Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
Fixes

Solution

Dover Fueling Solutions released a new software update version 4.19.10 for the MagLink LX console to address these vulnerabilities. The software release is available for installation on consoles through DFS's authorized service organizations in North America. North American users can reach DFS's customer support team by telephone at 877-679-8324.


Workaround

DFS strongly encourages users of MagLink products to: * Install MagLink consoles behind firewalls for security. * Monitor and install updates on a timely basis. * Contact DFS customer support with any questions about operations or updates of MagLink software. Alternatively, MagLink may operate offfline or disconnected from a network. Registered MagLink customers have access to technical information, updates, and technical bulletins via a DFS proprietary portal.

History

Tue, 01 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Doverfuelingsolutions progauge Maglink Lx4 Console
Doverfuelingsolutions progauge Maglink Lx4 Console Firmware
Doverfuelingsolutions progauge Maglink Lx Console
Doverfuelingsolutions progauge Maglink Lx Console Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:*
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:*
Vendors & Products Doverfuelingsolutions progauge Maglink Lx4 Console
Doverfuelingsolutions progauge Maglink Lx4 Console Firmware
Doverfuelingsolutions progauge Maglink Lx Console
Doverfuelingsolutions progauge Maglink Lx Console Firmware

Wed, 25 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Doverfuelingsolutions
Doverfuelingsolutions maglink Lx4 Console
Doverfuelingsolutions maglink Lx Console
CPEs cpe:2.3:a:doverfuelingsolutions:maglink_lx4_console:*:*:*:*:*:*:*:*
cpe:2.3:a:doverfuelingsolutions:maglink_lx_console:*:*:*:*:*:*:*:*
Vendors & Products Doverfuelingsolutions
Doverfuelingsolutions maglink Lx4 Console
Doverfuelingsolutions maglink Lx Console
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 00:00:00 +0000

Type Values Removed Values Added
Description Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
Title Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Improper Privilege Management
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-09-25T16:57:09.490Z

Reserved: 2024-09-05T20:11:00.332Z

Link: CVE-2024-45373

cve-icon Vulnrichment

Updated: 2024-09-25T16:57:03.412Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-25T01:15:43.930

Modified: 2024-10-01T16:13:23.823

Link: CVE-2024-45373

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.