CVE-2024-43693

10.0 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on ProGauge MAGLINK LX CONSOLE UTILITY systems by sending specially crafted POST requests. This affects industrial control systems using the vulnerable software, potentially allowing complete system compromise.

💻 Affected Systems

Products:
  • ProGauge MAGLINK LX CONSOLE UTILITY
Versions: All versions prior to patched version (specific version not specified in advisory)
Operating Systems: Unknown - likely embedded/industrial OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the CONSOLE UTILITY sub-menu functionality. Industrial control systems in critical infrastructure sectors are particularly at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover, data exfiltration, manipulation of industrial processes, and lateral movement to other connected systems.

🟠 Likely Case: Remote code execution leading to data theft, system disruption, or installation of persistent backdoors.

🟢 If Mitigated: Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication.
🏢 Internal Only: HIGH - Even internal attackers can exploit this vulnerability easily.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Command injection via POST request suggests straightforward exploitation. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory - contact vendor

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04

Restart Required: Yes

Instructions:

  1. Contact ProGauge vendor for patched version.
  2. Apply vendor-provided patch.
  3. Restart affected systems.
  4. Verify patch application.

🔧 Temporary Workarounds

Network Segmentation (all): Isolate ProGauge systems from untrusted networks and internet access.

Access Control Lists (all): Restrict network access to ProGauge systems to authorized IP addresses only.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to block all external access
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if ProGauge MAGLINK LX CONSOLE UTILITY is installed and accessible via HTTP POST requests

Check Version:

Contact vendor for version verification method

Verify Fix Applied:

Verify with vendor that patched version is installed and test that command injection is no longer possible

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to CONSOLE UTILITY endpoints
  • Suspicious command execution in system logs

Network Indicators:

  • HTTP POST requests with command injection patterns to ProGauge systems

SIEM Query:

http.method:POST AND (http.uri:*console* OR http.uri:*utility*) AND (http.request_body:*cmd* OR http.request_body:*;* OR http.request_body:*|*)
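
The same conditions as the SIEM query, as an added Python example (not part of the advisory or any vendor tooling): it URL-decodes the URI and body before matching, and additionally flags POSTs to these URIs from sources outside the access control list. The `source.ip` field, the addresses, the paths and the request bodies are constructed assumptions, and case-insensitive matching is a choice made here.

```python
import re
from urllib.parse import unquote_plus

# Same URI and body conditions as the SIEM query above.
URI_RE = re.compile(r"console|utility", re.IGNORECASE)
BODY_RE = re.compile(r"cmd|;|\|", re.IGNORECASE)

# Assumption: hosts permitted by the ACL workaround (documentation address range).
AUTHORIZED_SOURCES = {"192.0.2.10"}

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so single- and double-encoded characters are matched."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(event):
    """Return 'injection-pattern', 'unauthorized-source' or None for one event."""
    if event.get("http.method", "").upper() != "POST":
        return None
    if not URI_RE.search(decode_fully(event.get("http.uri", ""))):
        return None
    if BODY_RE.search(decode_fully(event.get("http.request_body", ""))):
        return "injection-pattern"
    if event.get("source.ip") not in AUTHORIZED_SOURCES:
        return "unauthorized-source"
    return None

# Constructed sample events; paths and bodies are placeholders, not the
# product's real endpoints or parameters.
SAMPLE_EVENTS = [
    {"source.ip": "192.0.2.10", "http.method": "POST",
     "http.uri": "/placeholder/console_utility", "http.request_body": "field=42"},
    {"source.ip": "192.0.2.10", "http.method": "POST",
     "http.uri": "/placeholder/console_utility",
     "http.request_body": "field=42%3BPLACEHOLDER"},
    {"source.ip": "198.51.100.7", "http.method": "POST",
     "http.uri": "/placeholder/Utility", "http.request_body": "field=42"},
    {"source.ip": "198.51.100.7", "http.method": "GET",
     "http.uri": "/placeholder/console_utility", "http.request_body": ""},
]

def triage(events):
    """Classify every event, preserving order."""
    return [classify(e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(verdict, event["source.ip"], event["http.uri"])
```

Bodies that legitimately contain `;` or `|` will match the pattern rule, so treat its hits as triage candidates rather than confirmed exploitation.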
