Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-8310
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-27 Sep, 2024 | 16:33
Updated At-27 Sep, 2024 | 19:19
Rejected At-
▼CVE Numbering Authority (CNA)
OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function

OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.

Affected Products
Vendor
OPW Fuel Managements Systems
Product
SiteSentinel
Default Status
unaffected
Versions
Affected
  • From 0 before 17Q2.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306 Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306 Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

OPW Fuel Management Systems' parent company, Dover Fueling Systems (DFS), recommends users install all versions of the product behind a firewall as primary protection. DFS recommends user running versions prior to V17Q.2.1 upgrade to V17Q.2.1. Users with products that were distributed with versions newer than V17Q.2.1 should contact DFS using the link below to confirm that their build has the required fixes. The software is available to authorized service providers for DFS products. Users should contact DFS https://www.doverfuelingsolutions.com/contact-us service providers to have the software on their system upgraded or changed.

Configurations
Workarounds
Exploits
Credits
finder
Pedro Umbelino of Bitsight reported this vulnerability to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
opwglobal
Product
sitesentinel_firmware
CPEs
  • cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 17q2.1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found