Dover Fueling Solutions MAGLINK LX Console

Plan PatchCVSS 9.1ICS-CERT ICSA-23-250-01Sep 7, 2023

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

MAGLINK LX Web Console versions 2.5.1 through 3.3 contain authentication bypass (CWE-288), broken authentication (CWE-305), and path traversal (CWE-22) vulnerabilities that allow unauthenticated remote attackers to gain full system access. Successful exploitation could allow modification of fueling system configurations, transaction records, and user accounts. Dover announced end-of-life for MAGLINK LX 3 in 2023 and released MAGLINK LX 4; the vulnerabilities are fixed in MAGLINK LX 3 version 3.4.2.2.6 and all MAGLINK LX 4 versions.

What this means

What could happen

An attacker could gain full administrative access to the MAGLINK LX console and modify fueling system configurations, potentially disrupting fuel delivery operations or redirecting transactions.

Who's at risk

Fuel retailers and convenience stores using Dover MAGLINK LX Console versions 2.5.1 through 3.3 for point-of-sale and pump management should prioritize remediation. This affects the fuel dispensing and transaction system that operators depend on for daily fueling operations and revenue collection.

How it could be exploited

An attacker with network access to the web console (port 80/443) can exploit authentication bypass and path traversal flaws to access the system without valid credentials. Once authenticated, the attacker can execute arbitrary operations such as changing system settings, user accounts, or transaction records.

Prerequisites

Network access to MAGLINK LX Web Console (port 80/443)
The console must be reachable from the attacker's network
No valid credentials required

Remotely exploitableNo authentication requiredLow complexityHigh CVSS score (9.1)End-of-life products (MAGLINK LX 3)Affects payment and fuel delivery operations

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (8)

8 pending

ProductAffected VersionsFix Status

MAGLINK LX Web Console Configuration: 2.5.12.5.1No fix yet

MAGLINK LX Web Console Configuration: 2.5.22.5.2No fix yet

MAGLINK LX Web Console Configuration: 2.5.32.5.3No fix yet

MAGLINK LX Web Console Configuration: 2.6.12.6.1No fix yet

MAGLINK LX Web Console Configuration: 2.112.11No fix yet

MAGLINK LX Web Console Configuration: 3.03.0No fix yet

MAGLINK LX Web Console Configuration: 3.23.2No fix yet

MAGLINK LX Web Console Configuration: 3.33.3No fix yet

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDImplement firewall rules to block direct internet access to the MAGLINK LX Web Console; restrict access to authorized management networks only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade MAGLINK LX 3 installations to version 3.4.2.2.6 or later

HOTFIXUpgrade to MAGLINK LX 4, which includes fixes for these vulnerabilities

Long-term hardening

0/2

HARDENINGIsolate the MAGLINK LX console from the business network and internet using network segmentation

HARDENINGIf remote access is required, implement VPN with current security patches and strong authentication

CVEs (3)

CVE-2023-41256 CVE-2023-36497 CVE-2023-38256

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c336dfb3-c779-4a48-913d-4b3eaf525a43

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.