admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-09-25 00:00:36 +00:00
parent 57ba9444d2
commit 554ce4b7d9
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 834 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
2024/3xxx/CVE-2024-3727.json
View File

@ -571,6 +571,20 @@
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "v4.16.0-202409162206.p0.g6a425ab.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
@ -1003,12 +1017,6 @@
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
@ -1275,6 +1283,11 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6708"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6824",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:6824"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-3727",
"refsource": "MISC",

124
2024/41xxx/CVE-2024-41725.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input \nfields that are used to render pages which may allow cross site \nscripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dover Fueling Solutions (DFS)",
"product": {
"product_data": [
{
"product_name": "ProGauge MAGLINK LX CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.4.2.2.6"
}
]
}
},
{
"product_name": "ProGauge MAGLINK LX4 CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.17.9e"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-268-04",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>DFS strongly encourages users of MagLink products to:</p>\n<ul>\n<li>Install MagLink consoles behind firewalls for security.</li>\n<li>Monitor and install updates on a timely basis.</li>\n<li>Contact DFS customer support with any questions about operations or updates of MagLink software.</li>\n</ul>\n<p>Alternatively, MagLink may operate offfline or disconnected from a network.</p>\n<p>Registered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.</p>\n\n<br>"
}
],
"value": "DFS strongly encourages users of MagLink products to:\n\n\n\n * Install MagLink consoles behind firewalls for security.\n\n * Monitor and install updates on a timely basis.\n\n * Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324.\n\n<br>"
}
],
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324."
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

124
2024/43xxx/CVE-2024-43423.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43423",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web application for ProGauge MAGLINK LX4 CONSOLE contains an \nadministrative-level user account with a password that cannot be \nchanged."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259",
"cweId": "CWE-259"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dover Fueling Solutions (DFS)",
"product": {
"product_data": [
{
"product_name": "ProGauge MAGLINK LX CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.4.2.2.6"
}
]
}
},
{
"product_name": "ProGauge MAGLINK LX4 CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.17.9e"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-268-04",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>DFS strongly encourages users of MagLink products to:</p>\n<ul>\n<li>Install MagLink consoles behind firewalls for security.</li>\n<li>Monitor and install updates on a timely basis.</li>\n<li>Contact DFS customer support with any questions about operations or updates of MagLink software.</li>\n</ul>\n<p>Alternatively, MagLink may operate offfline or disconnected from a network.</p>\n<p>Registered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.</p>\n\n<br>"
}
],
"value": "DFS strongly encourages users of MagLink products to:\n\n\n\n * Install MagLink consoles behind firewalls for security.\n\n * Monitor and install updates on a timely basis.\n\n * Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324.\n\n<br>"
}
],
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324."
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

124
2024/43xxx/CVE-2024-43692.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker can directly request the ProGauge MAGLINK LX CONSOLE \nresource sub page with full privileges by requesting the URL directly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dover Fueling Solutions (DFS)",
"product": {
"product_data": [
{
"product_name": "ProGauge MAGLINK LX CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.4.2.2.6"
}
]
}
},
{
"product_name": "ProGauge MAGLINK LX4 CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.17.9e"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-268-04",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>DFS strongly encourages users of MagLink products to:</p>\n<ul>\n<li>Install MagLink consoles behind firewalls for security.</li>\n<li>Monitor and install updates on a timely basis.</li>\n<li>Contact DFS customer support with any questions about operations or updates of MagLink software.</li>\n</ul>\n<p>Alternatively, MagLink may operate offfline or disconnected from a network.</p>\n<p>Registered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.</p>\n\n<br>"
}
],
"value": "DFS strongly encourages users of MagLink products to:\n\n\n\n * Install MagLink consoles behind firewalls for security.\n\n * Monitor and install updates on a timely basis.\n\n * Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324.\n\n<br>"
}
],
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324."
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

124
2024/43xxx/CVE-2024-43693.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE \nUTILITY sub-menu can allow a remote attacker to inject arbitrary \ncommands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dover Fueling Solutions (DFS)",
"product": {
"product_data": [
{
"product_name": "ProGauge MAGLINK LX CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.4.2.2.6"
}
]
}
},
{
"product_name": "ProGauge MAGLINK LX4 CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.17.9e"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-268-04",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>DFS strongly encourages users of MagLink products to:</p>\n<ul>\n<li>Install MagLink consoles behind firewalls for security.</li>\n<li>Monitor and install updates on a timely basis.</li>\n<li>Contact DFS customer support with any questions about operations or updates of MagLink software.</li>\n</ul>\n<p>Alternatively, MagLink may operate offfline or disconnected from a network.</p>\n<p>Registered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.</p>\n\n<br>"
}
],
"value": "DFS strongly encourages users of MagLink products to:\n\n\n\n * Install MagLink consoles behind firewalls for security.\n\n * Monitor and install updates on a timely basis.\n\n * Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324.\n\n<br>"
}
],
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324."
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

124
2024/45xxx/CVE-2024-45066.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45066",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP \nsub-menu can allow a remote attacker to inject arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dover Fueling Solutions (DFS)",
"product": {
"product_data": [
{
"product_name": "ProGauge MAGLINK LX CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.4.2.2.6"
}
]
}
},
{
"product_name": "ProGauge MAGLINK LX4 CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.17.9e"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-268-04",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>DFS strongly encourages users of MagLink products to:</p>\n<ul>\n<li>Install MagLink consoles behind firewalls for security.</li>\n<li>Monitor and install updates on a timely basis.</li>\n<li>Contact DFS customer support with any questions about operations or updates of MagLink software.</li>\n</ul>\n<p>Alternatively, MagLink may operate offfline or disconnected from a network.</p>\n<p>Registered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.</p>\n\n<br>"
}
],
"value": "DFS strongly encourages users of MagLink products to:\n\n\n\n * Install MagLink consoles behind firewalls for security.\n\n * Monitor and install updates on a timely basis.\n\n * Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324.\n\n<br>"
}
],
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324."
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

124
2024/45xxx/CVE-2024-45373.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dover Fueling Solutions (DFS)",
"product": {
"product_data": [
{
"product_name": "ProGauge MAGLINK LX CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.4.2.2.6"
}
]
}
},
{
"product_name": "ProGauge MAGLINK LX4 CONSOLE",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.17.9e"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-268-04",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>DFS strongly encourages users of MagLink products to:</p>\n<ul>\n<li>Install MagLink consoles behind firewalls for security.</li>\n<li>Monitor and install updates on a timely basis.</li>\n<li>Contact DFS customer support with any questions about operations or updates of MagLink software.</li>\n</ul>\n<p>Alternatively, MagLink may operate offfline or disconnected from a network.</p>\n<p>Registered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal.</p>\n\n<br>"
}
],
"value": "DFS strongly encourages users of MagLink products to:\n\n\n\n * Install MagLink consoles behind firewalls for security.\n\n * Monitor and install updates on a timely basis.\n\n * Contact DFS customer support with any questions about operations or updates of MagLink software.\n\n\n\n\nAlternatively, MagLink may operate offfline or disconnected from a network.\n\n\nRegistered MagLink customers have access to technical information, \nupdates, and technical bulletins via a DFS proprietary portal."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324.\n\n<br>"
}
],
"value": "Dover Fueling Solutions released a new software update version 4.19.10 \nfor the MagLink LX console to address these vulnerabilities. The \nsoftware release is available for installation on consoles through DFS's\n authorized service organizations in North America. North American users\n can reach DFS's customer support team by telephone at 877-679-8324."
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Umbelino of Bitsight reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

99
2024/8xxx/CVE-2024-8497.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-36 ABSOLUTE PATH TRAVERSAL",
"cweId": "CWE-36"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Franklin Fueling Systems",
"product": {
"product_data": [
{
"product_name": "TS-550 EVO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.26.4.8967"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-03",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-03"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-268-03",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Franklin Fueling Systems recommends users update to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.franklinfueling.com/en/products/fuel-management-systems/atg-firmware/firmware/\">2.26.4.8967</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"
}
],
"value": "Franklin Fueling Systems recommends users update to 2.26.4.8967 https://www.franklinfueling.com/en/products/fuel-management-systems/atg-firmware/firmware/ ."
}
],
"credits": [
{
"lang": "en",
"value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}