Home

Description

Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition.

PUBLISHED Reserved 2025-08-18 | Published 2025-09-18 | Updated 2025-09-19 | Assigner icscert




HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-190

Product status

Default status
unaffected

Any version before 4.20.3
affected

Default status
unaffected

Any version before 4.20.3
affected

Default status
unaffected

Any version before 5.20.3
affected

Credits

Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-261-07

www.doverfuelingsolutions.com/...e-maglink-lx-4-console.html

cve.org (CVE-2025-55068)

nvd.nist.gov (CVE-2025-55068)

Download JSON