Vulnerabilites related to Dover Fueling Solutions - ProGauge MagLink LX Plus
CVE-2025-5310 (GCVE-0-2025-5310)
Vulnerability from cvelistv5
Published
2025-06-27 17:22
Modified
2025-06-27 17:41
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
Summary
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dover Fueling Solutions | ProGauge MagLink LX 4 |
Version: 0 < 4.20.3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T17:41:36.119969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:41:45.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar of Microsec reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions ProGauge MagLink LX Consoles\u0026nbsp;expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution."
}
],
"value": "Dover Fueling Solutions ProGauge MagLink LX Consoles\u00a0expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:22:02.680Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05"
},
{
"url": "https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx?OR=Teams%2DHL\u0026CT=1736953471669\u0026id=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017%2FVU%23285756%20%2D%20Dover%20Fueling%20Solutions%20ProGauge%20MAGLINK%20%2D%20Notice%20%28Draft%29%2Ehtml\u0026viewid=243fd1ea%2Da122%2D4cc0%2Dbe91%2Dd0714ca46b87\u0026parent=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx?OR=Teams%2DHL\u0026amp;CT=1736953471669\u0026amp;id=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017%2FVU%23285756%20%2D%20Dover%20Fueling%20Solutions%20ProGauge%20MAGLINK%20%2D%20Notice%20%28Draft%29%2Ehtml\u0026amp;viewid=243fd1ea%2Da122%2D4cc0%2Dbe91%2Dd0714ca46b87\u0026amp;parent=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017\"\u003ewebsite\u003c/a\u003e.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx?OR=Teams%2DHL\u0026amp;CT=1736953471669\u0026amp;id=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017%2FVU%23285756%20%2D%20Dover%20Fueling%20Solutions%20ProGauge%20MAGLINK%20%2D%20Notice%20%28Draft%29%2Ehtml\u0026amp;viewid=243fd1ea%2Da122%2D4cc0%2Dbe91%2Dd0714ca46b87\u0026amp;parent=%2Fteams%2FJCDC%2DProductionOffice%2FShared%20Documents%2FPublications%2FICS%20Publishing%2F2025%20ICSAs%2FJUN%2017\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx .For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://ociocisa.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Forms/AllItems.aspx \u00a0or later."
}
],
"source": {
"advisory": "ICSA-25-168-05",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-5310",
"datePublished": "2025-06-27T17:22:02.680Z",
"dateReserved": "2025-05-28T21:03:37.200Z",
"dateUpdated": "2025-06-27T17:41:45.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54807 (GCVE-0-2025-54807)
Vulnerability from cvelistv5
Published
2025-09-18 20:44
Modified
2025-09-19 13:06
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
Summary
The secret used for validating authentication tokens is hardcoded in
device firmware for affected versions. An attacker who obtains the
signing key can bypass authentication, gaining complete access to the
system.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dover Fueling Solutions | ProGauge MagLink LX 4 |
Version: 0 < 4.20.3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:05:56.641781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:06:19.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem."
}
],
"value": "The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T20:44:04.094Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"
},
{
"url": "https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\u003c/p\u003e\n\u003cp\u003eDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html \u00a0.For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html \u00a0or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks."
}
],
"source": {
"advisory": "ICSA-25-261-07",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-54807",
"datePublished": "2025-09-18T20:44:04.094Z",
"dateReserved": "2025-08-18T15:32:05.596Z",
"dateUpdated": "2025-09-19T13:06:19.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30519 (GCVE-0-2025-30519)
Vulnerability from cvelistv5
Published
2025-09-18 20:46
Modified
2025-09-19 13:05
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
Summary
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard
administrative means. An attacker with network access to the device can
gain administrative access to the system.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dover Fueling Solutions | ProGauge MagLink LX 4 |
Version: 0 < 4.20.3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:05:08.342046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:05:20.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices\u0026nbsp;have default root credentials that cannot be changed through standard \nadministrative means. An attacker with network access to the device can \ngain administrative access to the system."
}
],
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices\u00a0have default root credentials that cannot be changed through standard \nadministrative means. An attacker with network access to the device can \ngain administrative access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T20:46:42.642Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"
},
{
"url": "https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\u003c/p\u003e\n\u003cp\u003eDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html \u00a0.For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html \u00a0or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks."
}
],
"source": {
"advisory": "ICSA-25-261-07",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Weak Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-30519",
"datePublished": "2025-09-18T20:46:42.642Z",
"dateReserved": "2025-08-18T15:32:05.607Z",
"dateUpdated": "2025-09-19T13:05:20.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55068 (GCVE-0-2025-55068)
Vulnerability from cvelistv5
Published
2025-09-18 20:42
Modified
2025-09-19 13:06
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
Summary
Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point.
An attacker can manually change the system time to exploit this
limitation, potentially causing errors in authentication and leading to a
denial-of-service condition.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dover Fueling Solutions | ProGauge MagLink LX 4 |
Version: 0 < 4.20.3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T13:06:34.220442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T13:06:42.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX 4",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Plus",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "4.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ProGauge MagLink LX Ultimate",
"vendor": "Dover Fueling Solutions",
"versions": [
{
"lessThan": "5.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point.\n An attacker can manually change the system time to exploit this \nlimitation, potentially causing errors in authentication and leading to a\n denial-of-service condition."
}
],
"value": "Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point.\n An attacker can manually change the system time to exploit this \nlimitation, potentially causing errors in authentication and leading to a\n denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T20:42:29.547Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"
},
{
"url": "https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html\"\u003ewebsite\u003c/a\u003e\u0026nbsp;.\u003cp\u003eFor MagLink LX Ultimate devices, Dover Fueling Solutions recommends users \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html\"\u003eupdate to version 5.20.3\u003c/a\u003e\u0026nbsp;or later.\u003c/p\u003e\n\u003cp\u003eDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html \u00a0.For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html \u00a0or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks."
}
],
"source": {
"advisory": "ICSA-25-261-07",
"discovery": "EXTERNAL"
},
"title": "Dover Fueling Solutions ProGauge MagLink LX4 Devices Integer Overflow or Wraparound",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-55068",
"datePublished": "2025-09-18T20:42:29.547Z",
"dateReserved": "2025-08-18T15:32:05.574Z",
"dateUpdated": "2025-09-19T13:06:42.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}