Dover Fueling Solutions ProGauge MagLink LX consoles
Act Now · CVSS 9.8 · ICS-CERT ICSA-25-168-05 · Jun 17, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A missing access control vulnerability (CWE-306) in Dover Fueling Solutions ProGauge MagLink LX consoles allows unauthenticated remote attackers to gain full control of the monitoring device. Exploitation could enable manipulation of fueling operations, deletion of system configurations, deployment of malware, or manipulation of fuel transaction data. The vulnerability affects ProGauge MagLink LX 4, MagLink LX Plus (versions below 4.20.3), and MagLink LX Ultimate (versions below 5.20.3).
What this means
What could happen
An attacker could gain complete control of the ProGauge MagLink LX console, manipulating fueling operations, deleting system configurations, or installing malware to disrupt fuel station operations.
Who's at risk
Fuel station operators using Dover Fueling Solutions ProGauge MagLink LX monitoring consoles (4, Plus, and Ultimate models) should care about this vulnerability. These devices manage fuel dispensing operations, inventory, and transaction monitoring at retail fuel stations and fleet fueling sites.
How it could be exploited
An attacker with network access to the ProGauge MagLink LX console (no authentication required) can exploit a missing access control check to gain remote control of the device. Once compromised, the attacker can modify fuel dispensing parameters, alter historical data, or deploy additional malicious code.
Prerequisites
- Network access to the ProGauge MagLink LX console
- Device is reachable from an attacker's network location (no credentials or interaction required)
Remotely exploitable · No authentication required · Low complexity attack · No patch available for some versions · High CVSS (9.8) critical severity · Affects fuel dispensing operations
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
ProGauge MagLink LX 4 | <4.20.3 | 4.20.3
ProGauge MagLink LX Ultimate | <5.20.3 | 5.20.3
ProGauge MagLink LX Plus | <4.20.3 | 4.20.3
Remediation & Mitigation
Do now
- HARDENING: Ensure ProGauge MagLink consoles are not directly accessible from the internet; place behind firewall with restricted inbound access
- HARDENING: Isolate fuel station networks from business network segments using network segmentation or firewalls
- WORKAROUND: If remote access is required, require VPN connections with current security patches
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update ProGauge MagLink LX 4 to version 4.20.3 or later
- HOTFIX: Update ProGauge MagLink LX Plus to version 4.20.3 or later
- HOTFIX: Update ProGauge MagLink LX Ultimate to version 5.20.3 or later
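An added example, not part of the advisory or any vendor tooling: triaging a console inventory against the fixed versions in the affected-products table, with internet-facing unpatched devices ranked first. The CSV columns, site names and status labels are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
import re

# Fixed firmware versions taken from the advisory's affected-products table.
FIXED = {
    "ProGauge MagLink LX 4": (4, 20, 3),
    "ProGauge MagLink LX Plus": (4, 20, 3),
    "ProGauge MagLink LX Ultimate": (5, 20, 3),
}

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """site,model,firmware,internet_facing
Site-A,ProGauge MagLink LX 4,4.19.8,yes
Site-C,ProGauge MagLink LX Ultimate,5.20.1,no
Site-D,ProGauge MagLink LX Ultimate,5.21.0,yes
Site-E,ProGauge MagLink LX Plus,unknown,yes
"""

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparseable."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def is_below(version, fixed):
    """Compare after zero-padding so 4.20 is treated as 4.20.0."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)

def triage(inventory_csv):
    """Return (site, status) pairs, most urgent first."""
    order = {"PATCH-EXPOSED": 0, "VERIFY": 1, "PATCH": 2, "OK": 3, "NOT-COVERED": 4}
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["model"].strip())
        version = parse_version(row["firmware"])
        exposed = row["internet_facing"].strip().lower() == "yes"
        if fixed is None:
            status = "NOT-COVERED"      # model not listed in this advisory
        elif version is None:
            status = "VERIFY"           # unknown firmware: confirm on the device
        elif is_below(version, fixed):
            status = "PATCH-EXPOSED" if exposed else "PATCH"
        else:
            status = "OK"
        results.append((row["site"], status))
    return sorted(results, key=lambda r: order[r[1]])
```

Call `triage()` with the text of your own asset export; a `VERIFY` result means the recorded firmware string could not be parsed and should be checked on the console itself.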
CVEs (1)
API: /api/v1/advisories/bf85fc59-ff21-466b-a58d-459826ce580b