CVE-2025-30519 | THREATINT

Description

Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system.

PUBLISHED Reserved 2025-08-18 | Published 2025-09-18 | Updated 2025-09-19 | Assigner icscert

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Product status

Default status

unaffected

Any version before 4.20.3

affected

Default status

unaffected

Any version before 4.20.3

affected

Default status

unaffected

Any version before 5.20.3

affected

Credits

Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-261-07

www.doverfuelingsolutions.com/...e-maglink-lx-4-console.html

cve.org (CVE-2025-30519)

nvd.nist.gov (CVE-2025-30519)

Download JSON

help @ threatint.eu