{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-41256",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                        "cweId": "CWE-288"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Dover Fueling Solutions",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "MAGLINK LX Web Console Configuration",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "2.5.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "2.5.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "2.5.3"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "2.6.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "2.11"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "3.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "3.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "3.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.</span>\n\n<br>"
                }
            ],
            "value": "\nIn 2023, Dover Fueling Solutions announced end-of-life for MAGLINK LX 3 and released MAGLINK LX 4. However, MAGLINK LX 3 version 3.4.2.2.6 and MAGLINK LX 4 fixes these vulnerabilities.\n\n\n"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Soufian El Yadmani of Darktrace / CSIRT.global reported these vulnerabilities"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
            }
        ]
    }
}