Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Hard-coded...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The secret used for validating authentication tokens is hardcoded in
device firmware for affected versions. An attacker who obtains the
signing key can bypass authentication, gaining complete access to the
system.

Basic Information

ID CVE-2025-54807

Source icscert

Published Sep 18, 2025 at 20:44

Affected Product

Vendor Dover Fueling Solutions

Product ProGauge MagLink LX 4

Affected Versions Dover Fueling Solutions ProGauge MagLink LX 4 0
Dover Fueling Solutions ProGauge MagLink LX Plus 0
Dover Fueling Solutions ProGauge MagLink LX Ultimate 0

CWE Classification

CWE-321

References

{
    "lastseen": "",
    "description": "The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem.",
    "published": "2025-09-18T20:44:04.094Z",
    "modified": "2025-09-18T20:44:04.094Z",
    "type": "cve",
    "title": "Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Hard-coded Cryptographic Key",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07\nhttps://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html",
    "id": "CVE-2025-54807",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "Dover Fueling Solutions ProGauge MagLink LX 4 0\nDover Fueling Solutions ProGauge MagLink LX Plus 0\nDover Fueling Solutions ProGauge MagLink LX Ultimate 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ProGauge MagLink LX 4",
    "version": "0",
    "vendor": "Dover Fueling Solutions",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Hard-coded Cryptographic Key_CVE-2025-54807