CVE-2023-41256

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01	Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:::::::*
	cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:::::::*

cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-11 19:15

Updated : 2024-11-21 08:20

NVD link : CVE-2023-41256

Mitre link : CVE-2023-41256

CVE.ORG link : CVE-2023-41256

JSON object : View

Products Affected

doverfuelingsolutions

maglink_lx_3
maglink_lx_web_console_configuration

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2023-41256", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-09-11T19:15:43.987", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"}, {"lang": "es", "value": "Las versiones de configuraci\u00f3n de la consola web MAGLINK LX de Dover Fueling Solutions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2 y 3.3 son vulnerables a la omisi\u00f3n de autenticaci\u00f3n que podr\u00eda permitir que un atacante no autorizado obtenga acceso de usuario."}], "lastModified": "2024-11-21T08:20:55.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C3C3D27-24CD-43C8-BE87-BDD72B25C767"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7C82DE-6F4D-4143-B0E9-D9ACD9C12AF3"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97DE034A-BDA6-4B51-A4CC-A680635949F0"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D2E3F6F-8929-4323-B0E6-97A24A2EE708"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384A423B-2C17-43D4-991E-1A0324329147"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6565920-179C-42BF-9AF2-1CE627ECD3F7"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84206322-6805-40D5-BC95-254D669E644D"}, {"criteria": "cpe:2.3:a:doverfuelingsolutions:maglink_lx_web_console_configuration:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7737DE0-8334-49C2-A44F-9F47E0BE2438"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:doverfuelingsolutions:maglink_lx_3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "766A65BA-C796-482B-A74B-BCE28D200AB9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}