CVE-2024-43692

An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:*

History

01 Oct 2024, 16:22

Type Values Removed Values Added
First Time Doverfuelingsolutions progauge Maglink Lx4 Console Firmware
Doverfuelingsolutions progauge Maglink Lx4 Console
Doverfuelingsolutions
Doverfuelingsolutions progauge Maglink Lx Console
Doverfuelingsolutions progauge Maglink Lx Console Firmware
CPE cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:*
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 - Third Party Advisory, US Government Resource
CWE NVD-CWE-Other

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Un atacante puede solicitar directamente la subpágina de recursos ProGauge MAGLINK LX CONSOLE con privilegios completos solicitando la URL directamente.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-10-01 16:22


NVD link : CVE-2024-43692

Mitre link : CVE-2024-43692

CVE.ORG link : CVE-2024-43692


JSON object : View

Products Affected

doverfuelingsolutions

  • progauge_maglink_lx4_console
  • progauge_maglink_lx_console_firmware
  • progauge_maglink_lx_console
  • progauge_maglink_lx4_console_firmware
CWE
NVD-CWE-Other CWE-288

Authentication Bypass Using an Alternate Path or Channel