Dover Fueling Solutions Flaw Lets Attackers Control Fueling Operations

A newly disclosed critical vulnerability in Dover Fueling Solutions’ ProGauge MagLink LX consoles has sent shockwaves through the global fuel infrastructure sector.

The flaw, tracked as CVE-2025-5310, allows remote attackers to seize control of fueling operations, manipulate tank monitoring, and even deploy malware, posing a severe risk to transportation systems worldwide.

Critical Flaw Exposes Global Fuel Networks

Security researchers at Microsec, led by Souvik Kandar, uncovered the flaw and reported it to the Cybersecurity and Infrastructure Security Agency (CISA).

The vulnerability, rated with a CVSS v4 base score of 9.2 (critical), affects several versions of the ProGauge MagLink LX consoles—a mainstay in fuel and water tank monitoring across fuel stations, depots, and transport hubs globally.

| Field | Value |
|---|---|
| CVE | CVE-2025-5310 |
| Product(s) | ProGauge MagLink LX 4, LX Plus, LX Ultimate |
| Affected Versions | LX 4/LX Plus < 4.20.3; LX Ultimate < 5.20.3 |
| Vulnerability | Missing Authentication for Critical Function |

The root of the issue lies in a missing authentication mechanism for a critical function. Specifically, the consoles expose an undocumented and unauthenticated Target Communication Framework (TCF) interface on a network port.

This “backdoor” allows anyone with network access to the device to create, delete, or modify files, potentially leading to remote code execution without requiring any credentials or user interaction. Attackers could exploit this to:

  • Take full control of monitoring units
  • Manipulate fueling operations
  • Delete system configurations, causing downtime
  • Deploy malware as a foothold for broader attacks within operational networks

Affected Products and Severity

The vulnerability impacts the following product lines:

| Product | Affected Versions |
|---|---|
| ProGauge MagLink LX 4 | Versions < 4.20.3 |
| ProGauge MagLink LX Plus | Versions < 4.20.3 |
| ProGauge MagLink LX Ultimate | Versions < 5.20.3 |
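
The thresholds above can be applied to an asset inventory to find consoles still running affected firmware. The Python below is an added example, not code from Dover Fueling Solutions, Microsec or CISA; the CSV layout, the hostnames and the dotted-numeric version format are assumptions.

```python
import csv
import io

# Fixed-version thresholds as listed on this page for CVE-2025-5310.
FIXED = {
    "progauge maglink lx 4": (4, 20, 3),
    "progauge maglink lx plus": (4, 20, 3),
    "progauge maglink lx ultimate": (5, 20, 3),
}

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = """host,product,version
depot-a-01,ProGauge MagLink LX 4,4.19.7
depot-a-02,ProGauge MagLink LX Plus,4.20.3
station-17,ProGauge MagLink LX Ultimate,5.20.1
station-22,ProGauge MagLink LX Ultimate,5.21.0
hub-03,ProGauge MagLink LX 4,v4.20
hub-04,ProGauge MagLink LX Plus,unknown
yard-09,Other Tank Gauge,1.0.0
"""

def parse_version(text):
    """Return a 3-tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # "4.20" -> (4, 20, 0)

def classify(product, version):
    """Compare numerically per product line; string comparison would misorder 5.3 and 5.20."""
    fixed = FIXED.get(" ".join(product.lower().split()))
    if fixed is None:
        return "not-in-scope"
    parsed = parse_version(version)
    if parsed is None:
        return "verify-manually"  # never assume an unreadable version is patched
    return "affected" if parsed < fixed else "fixed"

def triage(inventory_csv):
    """Map each host in the CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as `verify-manually` should be checked on the console itself rather than treated as patched.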

Given the widespread deployment of these consoles in critical infrastructure, the potential for exploitation is significant.

Attackers could disrupt fuel supply chains, cause inventory errors, or use the devices to launch further attacks on connected systems. While no public exploitation has been reported yet, the risk profile demands urgent attention.

Organizations are also advised to conduct thorough risk assessments and implement defense-in-depth strategies to safeguard critical infrastructure assets.

As the digital integration of industrial control systems accelerates, this incident underscores the urgent need for continuous vigilance and robust cybersecurity practices across all sectors of critical infrastructure.
