CVE-2024-45066

Summary

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX CONSOLE0 <= 3.4.2.2.6affected
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX4 CONSOLE0 <= 4.17.9eaffected

Weaknesses

  • CWE-77: CWE-77 Command Injection

Workarounds

DFS strongly encourages users of MagLink products to:

  • Install MagLink consoles behind firewalls for security.

  • Monitor and install updates on a timely basis.

  • Contact DFS customer support with any questions about operations or updates of MagLink software.

Alternatively, MagLink may operate offfline or disconnected from a network.

Registered MagLink customers have access to technical information, updates, and technical bulletins via a DFS proprietary portal.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References