CVE-2024-45066

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:*

History

01 Oct 2024, 16:18

Type Values Removed Values Added
First Time Doverfuelingsolutions progauge Maglink Lx4 Console Firmware
Doverfuelingsolutions progauge Maglink Lx4 Console
Doverfuelingsolutions
Doverfuelingsolutions progauge Maglink Lx Console
Doverfuelingsolutions progauge Maglink Lx Console Firmware
CVSS v2 : unknown
v3 : 10.0
v2 : unknown
v3 : 9.8
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 - Third Party Advisory, US Government Resource
CPE cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:*
cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:*

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Una solicitud POST especialmente manipulada ProGauge MAGLINK LX CONSOLE IP sub-menu puede permitir que un atacante remoto inyecte comandos arbitrarios.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-10-01 16:18


NVD link : CVE-2024-45066

Mitre link : CVE-2024-45066

CVE.ORG link : CVE-2024-45066


JSON object : View

Products Affected

doverfuelingsolutions

  • progauge_maglink_lx4_console
  • progauge_maglink_lx_console_firmware
  • progauge_maglink_lx_console
  • progauge_maglink_lx4_console_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')