Dover Fueling Solutions Vulnerability Exposes Fueling Operations to Attackers

A critical security vulnerability in Dover Fueling Solutions’ ProGauge MagLink LX fuel monitoring systems could allow remote attackers to gain complete control over fueling operations, manipulate tank data, and potentially deploy malware across affected installations worldwide.

The vulnerability, assigned CVE-2025-5310 with a severe CVSS v4 score of 9.2, affects fuel and water tank monitoring consoles used extensively in transportation infrastructure globally.

The vulnerability stems from a missing authentication mechanism for a critical function in the ProGauge MagLink LX systems, specifically classified as CWE-306.

The affected devices expose an undocumented and unauthenticated Target Communication Framework (TCF) interface on a specific network port, creating a dangerous backdoor for potential attackers.

Security researcher Souvik Kandar of Microsec discovered that this interface allows unauthorized users to create, delete, or modify files on the system without any authentication requirements.

This fundamental security flaw could enable remote code execution, giving attackers unprecedented access to fuel monitoring and control systems.

The vulnerability affects multiple product lines, including ProGauge MagLink LX 4, LX Plus, and LX Ultimate models running versions prior to their respective patched releases.

The severity of this vulnerability is underscored by its CVSS v3 base score of 9.8 and CVSS v4 score of 9.2, both indicating critical risk levels.

The attack vector is network-based with low complexity requirements, meaning skilled attackers could potentially exploit this vulnerability remotely with minimal technical barriers.

Dover Fueling Solutions Vulnerability

Dover Fueling Solutions’ ProGauge MagLink systems are deployed worldwide across critical transportation infrastructure sectors, making this vulnerability particularly concerning for fuel distribution networks, gas stations, and industrial facilities.

The systems serve as monitoring and control interfaces for fuel and water tanks, making them essential components in maintaining operational safety and efficiency.

Successful exploitation could result in attackers gaining comprehensive control over monitoring devices, potentially manipulating fueling operations in real-time.

This could lead to inaccurate fuel readings, unauthorized system configuration changes, or the deployment of persistent malware that could compromise entire fuel distribution networks.

The implications extend beyond immediate operational disruption to include potential safety hazards and supply chain vulnerabilities.

Given the critical nature of fuel distribution infrastructure, any compromise of these systems could have cascading effects on transportation networks, emergency services, and economic stability in affected regions.

Security Recommendations

Dover Fueling Solutions has released security updates to address the vulnerability across all affected product lines.

Users of ProGauge MagLink LX 4 and LX Plus models should immediately update to version 4.20.3 or later, while MagLink LX Ultimate users should upgrade to version 5.20.3 or later. These updates are available through the Dover Fueling Solutions website.

CISA has issued comprehensive mitigation guidance emphasizing the importance of network segmentation and access controls.

Organizations are advised to minimize network exposure for control system devices, ensure systems are not accessible from the internet, and implement robust firewall protections.

When remote access is necessary, CISA recommends using secure Virtual Private Networks with current security updates.

The agency also recommends implementing defense-in-depth strategies and conducting thorough impact analyses before deploying protective measures. Currently, no known public exploitation attempts targeting this specific vulnerability have been reported to CISA.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.