Pedro Umbelino

**Name of the Vulnerable Software and Affected Versions** Veeder-Root TLS4B ATG versions (affected versions not specified) **Description** The TLS4B ATG system’s SOAP-based interface is susceptible to command injection due to its accessibility through the web services handler. This allows remote attackers possessing valid credentials to execute system-level commands on the underlying Linux system. Successful exploitation could lead to remote command execution (RCE), full shell access, and potential lateral movement within a network. The vulnerability stems from a lack of proper authorization controls in the SOAP interface. The affected system is used in tank gauge systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TLS4B ATG system (affected versions not specified) **Description** The TLS4B ATG system is susceptible to issues stemming from improper handling of Unix time values exceeding the 2038 epoch rollover. Upon reaching January 19, 2038, the system clock resets to December 13, 1901, resulting in authentication failures and disruption of core functionalities including login access, history visibility, and leak detection termination. This could enable an attacker to manipulate the system time, potentially triggering a denial of service (DoS) condition. This could lead to administrative lockout, operational timer failures, and corrupted log entries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dover Fueling Solutions ProGauge MagLink LX4 Devices (affected versions not specified) **Description** ProGauge MagLink LX4 devices are susceptible to a time-based issue where they fail to correctly handle Unix time values exceeding a specific point. An attacker can manipulate the system time to exploit this limitation, potentially disrupting authentication processes and causing a denial-of-service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** The secret used for validating authentication tokens is hardcoded in device firmware. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dover Fueling Solutions ProGauge MagLink LX4 Devices (affected versions not specified) **Description** Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OMNTEC Proteus Tank Monitoring OEL8000III Series (affected versions not specified) **Description** The issue allows an attacker to perform administrative actions without proper authentication. It is being actively exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProGauge MAGLINK LX CONSOLE (affected versions not specified) **Description** A specially crafted POST request to the "ProGauge MAGLINK LX CONSOLE IP sub-menu" can allow a remote attacker to inject arbitrary commands. This issue is being actively exploited. The vulnerability affects Automated Tank Gauge (ATG) systems, which are crucial for managing fuel storage tanks in critical infrastructure sectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProGauge MAGLINK LX CONSOLE (affected versions not specified) **Description** The issue is related to insufficient filtering on input fields used to render pages, which may allow cross-site scripting. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProGauge MAGLINK LX4 CONSOLE (affected versions not specified) **Description** The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProGauge MAGLINK LX CONSOLE (affected versions not specified) **Description** An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProGauge MAGLINK LX CONSOLE (affected versions not specified) **Description** A specially crafted POST request to the "UTILITY sub-menu" can allow a remote attacker to inject arbitrary commands. This issue affects the ProGauge MAGLINK LX CONSOLE, allowing attackers to potentially execute commands remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProGauge MAGLINK LX4 CONSOLE (affected versions not specified) **Description** A valid user can change their privileges to administrator once logged in to the ProGauge MAGLINK LX4 CONSOLE. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OPW Fuel Management Systems SiteSentinel versions prior to 17Q2.1 Description: The issue allows an attacker to bypass authentication to the server and obtain full admin privileges. This could enable remote attacks. Recommendations: For OPW Fuel Management Systems SiteSentinel versions prior to 17Q2.1, upgrade to version 17Q2.1 or later to mitigate the risks. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 Description: The issue allows an attacker to read a file arbitrarily, potentially obtaining administrator credentials. Recommendations: For Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967, update to version 2.26.4.8967 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Alisonic Sibylla (affected versions not specified) Description: The issue concerns SQL injection attacks, which could allow complete access to the database. Attackers can remotely compromise databases. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Service Location Protocol (SLP) (affected versions not specified) **Description** The Service Location Protocol (SLP) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. The vulnerability is being actively exploited to launch massive DoS amplification attacks. Approximately 54,000 vulnerable devices in 2,000 organizations have been identified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the Service Location Protocol (SLP) on systems operating in untrusted networks to minimize the risk of exploitation. Restrict access to SLP services to prevent unauthorized registration of services. Avoid using SLP for critical services until the issue is resolved. Mitigations are required by November 29, 2023.

**Name of the Vulnerable Software and Affected Versions** MiCODUS MV720 GPS tracker (affected versions not specified) **Description** The issue allows SMS-based GPS commands to be executed by the MiCODUS MV720 GPS tracker without requiring authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiCODUS MV720 GPS tracker (affected versions not specified) **Description** The main web server of the MiCODUS MV720 GPS tracker has an authenticated insecure direct object reference issue. This issue is related to the endpoint and parameter `device IDs`, which accept arbitrary `device IDs` without further verification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiCODUS MV720 GPS tracker (affected versions not specified) **Description** The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiCODUS MV720 GPS tracker (affected versions not specified) **Description** The main web server of the MiCODUS MV720 GPS tracker has an authenticated insecure direct object references issue. This issue is related to an endpoint and the POST parameter `Device ID`, which accepts arbitrary device IDs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.