SecuriTricks - CVE-2024-43423

Description

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.

Product(s) Impacted

Vendor	Product	Versions
Doverfuelingsolutions	Progauge Maglink Lx Console Firmware Progauge Maglink Lx Console Progauge Maglink Lx4 Console Firmware Progauge Maglink Lx4 Console	* - * -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-259

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	doverfuelingsolutions	progauge_maglink_lx_console_firmware	/	/	/	/	/	/	/	/
h	doverfuelingsolutions	progauge_maglink_lx_console	-	/	/	/	/	/	/	/
o	doverfuelingsolutions	progauge_maglink_lx4_console_firmware	/	/	/	/	/	/	/	/
h	doverfuelingsolutions	progauge_maglink_lx4_console	-	/	/	/	/	/	/	/

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04

CVSS Score

9.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Sept. 25, 2024, 1:15 a.m.
Last Modified: Oct. 1, 2024, 3:41 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

ics-cert@hq.dhs.gov

CVE-2024-43423