CVE-2023-41256

{"id": "CVE-2023-41256", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-09-11T19:15:43.987", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"}, {"lang": "es", "value": "Las versiones de configuraci\u00f3n de la consola web MAGLINK LX de Dover Fueling Solutions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2 y 3.3 son vulnerables a la omisi\u00f3n de autenticaci\u00f3n que podr\u00eda permitir que un atacante no autorizado obtenga acceso de usuario."}], "lastModified": "2024-11-21T08:20:55.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C3C3D27-24CD-43C8-BE87-BDD72B25C767"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7C82DE-6F4D-4143-B0E9-D9ACD9C12AF3"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97DE034A-BDA6-4B51-A4CC-A680635949F0"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D2E3F6F-8929-4323-B0E6-97A24A2EE708"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384A423B-2C17-43D4-991E-1A0324329147"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6565920-179C-42BF-9AF2-1CE627ECD3F7"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84206322-6805-40D5-BC95-254D669E644D"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7737DE0-8334-49C2-A44F-9F47E0BE2438"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "766A65BA-C796-482B-A74B-BCE28D200AB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}