CVE-2025-54807

Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key

CVSS 9.3 CRITICALEPSS 0.7%CWE-321

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Dover Fueling Solutions · ProGauge MagLink LX 4 Dover Fueling Solutions · ProGauge MagLink LX Plus Dover Fueling Solutions · ProGauge MagLink LX Ultimate

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html