CVE-2025-5310

Summary

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.

Affected Software

VendorProductVersion RangeStatus
Dover Fueling SolutionsProGauge MagLink LX 40 < 4.20.3affected
Dover Fueling SolutionsProGauge MagLink LX Plus0 < 4.20.3affected
Dover Fueling SolutionsProGauge MagLink LX Ultimate0 < 5.20.3affected

Weaknesses

  • CWE-306: CWE-306

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References