CVE-2024-43693

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:*

History

01 Oct 2024, 17:17

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 - Third Party Advisory, US Government Resource
First Time Doverfuelingsolutions progauge Maglink Lx4 Console Firmware
Doverfuelingsolutions progauge Maglink Lx4 Console
Doverfuelingsolutions
Doverfuelingsolutions progauge Maglink Lx Console
Doverfuelingsolutions progauge Maglink Lx Console Firmware
CPE cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 10.0
v2 : unknown
v3 : 9.8

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Una solicitud POST especialmente manipulada ProGauge MAGLINK LX CONSOLE UTILITY sub-menu puede permitir que un atacante remoto inyecte comandos arbitrarios.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-10-01 17:17


NVD link : CVE-2024-43693

Mitre link : CVE-2024-43693

CVE.ORG link : CVE-2024-43693


JSON object : View

Products Affected

doverfuelingsolutions

  • progauge_maglink_lx4_console
  • progauge_maglink_lx_console_firmware
  • progauge_maglink_lx_console
  • progauge_maglink_lx4_console_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')