Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by OPW Fuel Managements Systems
CVE-2024-8310 (GCVE-0-2024-8310)
Vulnerability from cvelistv5 – Published: 2024-09-27 16:33 – Updated: 2024-09-27 19:19
VLAI
Title
OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function
Summary
OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the server and obtain full admin privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OPW Fuel Managements Systems | SiteSentinel |
Affected:
0 , < 17Q2.1
(custom)
|
|
| opwglobal | sitesentinel_firmware |
Affected:
0 , < 17q2.1
(custom)
cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sitesentinel_firmware",
"vendor": "opwglobal",
"versions": [
{
"lessThan": "17q2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T18:45:08.451522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:19:33.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SiteSentinel",
"vendor": "OPW Fuel Managements Systems",
"versions": [
{
"lessThan": "17Q2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges.\n\n\u003cbr\u003e"
}
],
"value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:33:39.522Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOPW Fuel Management Systems\u0027 parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.\u003c/p\u003e\n\u003cp\u003eDFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.\u003c/p\u003e\n\u003cp\u003eThe software is available to authorized service providers for DFS products. Users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/contact-us\"\u003econtact DFS\u003c/a\u003e\u003c/p\u003e service providers to have the software on their system upgraded or changed.\n\n\u003cbr\u003e"
}
],
"value": "OPW Fuel Management Systems\u0027 parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.\n\n\nDFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.\n\n\nThe software is available to authorized service providers for DFS products. Users should contact DFS https://www.doverfuelingsolutions.com/contact-us \n\n service providers to have the software on their system upgraded or changed."
}
],
"source": {
"advisory": "ICSA-24-268-01",
"discovery": "EXTERNAL"
},
"title": "OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-8310",
"datePublished": "2024-09-27T16:33:39.522Z",
"dateReserved": "2024-08-29T14:29:19.568Z",
"dateUpdated": "2024-09-27T19:19:33.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8310 (GCVE-0-2024-8310)
Vulnerability from nvd – Published: 2024-09-27 16:33 – Updated: 2024-09-27 19:19
VLAI
Title
OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function
Summary
OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the server and obtain full admin privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OPW Fuel Managements Systems | SiteSentinel |
Affected:
0 , < 17Q2.1
(custom)
|
|
| opwglobal | sitesentinel_firmware |
Affected:
0 , < 17q2.1
(custom)
cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sitesentinel_firmware",
"vendor": "opwglobal",
"versions": [
{
"lessThan": "17q2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T18:45:08.451522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:19:33.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SiteSentinel",
"vendor": "OPW Fuel Managements Systems",
"versions": [
{
"lessThan": "17Q2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges.\n\n\u003cbr\u003e"
}
],
"value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T16:33:39.522Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOPW Fuel Management Systems\u0027 parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.\u003c/p\u003e\n\u003cp\u003eDFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.\u003c/p\u003e\n\u003cp\u003eThe software is available to authorized service providers for DFS products. Users should \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/contact-us\"\u003econtact DFS\u003c/a\u003e\u003c/p\u003e service providers to have the software on their system upgraded or changed.\n\n\u003cbr\u003e"
}
],
"value": "OPW Fuel Management Systems\u0027 parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.\n\n\nDFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.\n\n\nThe software is available to authorized service providers for DFS products. Users should contact DFS https://www.doverfuelingsolutions.com/contact-us \n\n service providers to have the software on their system upgraded or changed."
}
],
"source": {
"advisory": "ICSA-24-268-01",
"discovery": "EXTERNAL"
},
"title": "OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-8310",
"datePublished": "2024-09-27T16:33:39.522Z",
"dateReserved": "2024-08-29T14:29:19.568Z",
"dateUpdated": "2024-09-27T19:19:33.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}