CVE-2024-45373

Summary

Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.

Affected Software

VendorProductVersion RangeStatus
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX CONSOLE0 <= 3.4.2.2.6affected
Dover Fueling Solutions (DFS)ProGauge MAGLINK LX4 CONSOLE0 <= 4.17.9eaffected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

Workarounds

DFS strongly encourages users of MagLink products to:

  • Install MagLink consoles behind firewalls for security.

  • Monitor and install updates on a timely basis.

  • Contact DFS customer support with any questions about operations or updates of MagLink software.

Alternatively, MagLink may operate offfline or disconnected from a network.

Registered MagLink customers have access to technical information, updates, and technical bulletins via a DFS proprietary portal.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References