Home

Description

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.

PUBLISHED Reserved 2025-05-28 | Published 2025-06-27 | Updated 2025-06-27 | Assigner icscert




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306

Product status

Default status
unaffected

Any version before 4.20.3
affected

Default status
unaffected

Any version before 4.20.3
affected

Default status
unaffected

Any version before 5.20.3
affected

Credits

Souvik Kandar of Microsec reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-168-05

ociocisa.sharepoint.com/...lishing%2F2025%20ICSAs%2FJUN%2017

cve.org (CVE-2025-5310)

nvd.nist.gov (CVE-2025-5310)

Download JSON