A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE
UTILITY sub-menu can allow a remote attacker to inject arbitrary
commands.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
01 Oct 2024, 17:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx_console:-:*:*:*:*:*:*:* cpe:2.3:h:doverfuelingsolutions:progauge_maglink_lx4_console:-:*:*:*:*:*:*:* cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx_console_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:doverfuelingsolutions:progauge_maglink_lx4_console_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04 - Third Party Advisory, US Government Resource | |
First Time |
Doverfuelingsolutions
Doverfuelingsolutions progauge Maglink Lx4 Console Doverfuelingsolutions progauge Maglink Lx Console Firmware Doverfuelingsolutions progauge Maglink Lx Console Doverfuelingsolutions progauge Maglink Lx4 Console Firmware |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Sep 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-25 01:15
Updated : 2024-10-01 17:17
NVD link : CVE-2024-43693
Mitre link : CVE-2024-43693
CVE.ORG link : CVE-2024-43693
JSON object : View
Products Affected
doverfuelingsolutions
- progauge_maglink_lx_console_firmware
- progauge_maglink_lx_console
- progauge_maglink_lx4_console
- progauge_maglink_lx4_console_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')