CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5310 – Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-5310
27 Jun 2025 — Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution. Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45066 – Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection
https://notcve.org/view.php?id=CVE-2024-45066
24 Sep 2024 — A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43693 – Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection
https://notcve.org/view.php?id=CVE-2024-43693
24 Sep 2024 — A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45373 – Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Improper Privilege Management
https://notcve.org/view.php?id=CVE-2024-45373
24 Sep 2024 — Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43423 – Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Use of Hard-coded Password
https://notcve.org/view.php?id=CVE-2024-43423
24 Sep 2024 — The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 • CWE-259: Use of Hard-coded Password •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43692 – Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel
https://notcve.org/view.php?id=CVE-2024-43692
24 Sep 2024 — An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41725 – Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Cross-site Scripting
https://notcve.org/view.php?id=CVE-2024-41725
24 Sep 2024 — ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •