Dover Fueling Solutions ProGauge MagLink LX4 Devices

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-261-07 | Sep 18, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Three ProGauge MagLink device families contain vulnerabilities (CWE-190 integer overflow, CWE-321 hardcoded credentials, CWE-1391 initialization error) that allow a remote attacker to cause denial-of-service or gain administrative access without authentication. The vulnerabilities exist across MagLink LX 4, MagLink LX Plus (versions below 4.20.3), and MagLink LX Ultimate (versions below 5.20.3). Successful exploitation could enable an attacker to shut down fueling operations, alter pump configurations, or access fuel sales and payment data.

What this means
What could happen
An attacker with network access to an unpatched ProGauge MagLink device could shut down the fueling system remotely or gain full administrative control, potentially preventing fuel dispensing operations or tampering with transaction data and pump settings.
Who's at risk
Fuel station operators running Dover ProGauge MagLink fueling management systems. This affects all versions of MagLink LX 4, LX Plus, and LX Ultimate devices used to control and monitor fuel dispensers, inventory, and payment processing at retail fuel sites.
How it could be exploited
An attacker connects to the device from the network without credentials and exploits an integer overflow or embedded credential flaw to trigger a denial-of-service condition or escalate privileges to administrator level. No user interaction is required.
Prerequisites
  • Network connectivity to the ProGauge MagLink device (HTTP/HTTPS port, typically port 80 or 443)
  • Device must be running a vulnerable firmware version (below 4.20.3 for LX4/Plus, below 5.20.3 for Ultimate)
  • No authentication bypass is required
Risk factors: remotely exploitable; no authentication required; low complexity; high CVSS score (9.8); affects critical fueling infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
ProGauge MagLink LX 4 | <4.20.3 | 4.20.3
ProGauge MagLink LX Plus | <4.20.3 | 4.20.3
ProGauge MagLink LX Ultimate | <5.20.3 | 5.20.3
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to ProGauge MagLink devices by placing them behind a firewall and blocking inbound internet traffic to the device
HARDENING: Isolate ProGauge MagLink devices from the business network; if remote management is required, use a VPN with current security patches
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ProGauge MagLink LX 4 and MagLink LX Plus devices to firmware version 4.20.3 or later
HOTFIX: Update ProGauge MagLink LX Ultimate devices to firmware version 5.20.3 or later
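
One way to turn the remediation items above into a per-device action list from an asset inventory. This is an added example, not code from the advisory or the vendor; the CSV columns, hostnames and action names are assumptions, and the inventory is constructed. Versions are compared numerically because a string comparison would rank 4.9.1 above 4.20.3 and wrongly pass it.

```python
import csv
import io

# Fixed firmware versions per product, taken from the affected-products table.
FIXED = {
    "ProGauge MagLink LX 4": (4, 20, 3),
    "ProGauge MagLink LX Plus": (4, 20, 3),
    "ProGauge MagLink LX Ultimate": (5, 20, 3),
}

# Constructed sample inventory: hostnames, columns and values are made up.
SAMPLE_INVENTORY = """host,product,firmware,internet_reachable
site01-atg,ProGauge MagLink LX 4,4.20.3,no
site02-atg,ProGauge MagLink LX Plus,4.9.1,yes
site03-atg,ProGauge MagLink LX Ultimate,5.20.2,no
site04-atg,ProGauge MagLink LX Ultimate,5.3,no
site05-atg,ProGauge MagLink LX Plus,unknown,yes
"""


def parse_version(text):
    """Return a 3-tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # "5.3" -> (5, 3, 0)


def triage(inventory_csv):
    """Map each host to the list of advisory actions that still apply to it."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["product"].strip())
        version = parse_version(row["firmware"])
        actions = []
        if fixed is None or version is None:
            # Unknown product or unreadable version: unverified, not safe.
            actions.append("verify-firmware")
        elif version < fixed:
            actions.append("update-firmware")
        if row["internet_reachable"].strip().lower() == "yes":
            # The network restriction applies regardless of patch level.
            actions.append("restrict-network")
        result[row["host"]] = actions
    return result


if __name__ == "__main__":
    for host, actions in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(actions) or 'no action'}")
```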