{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8310", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-08-29T14:29:19.568Z", "datePublished": "2024-09-27T16:33:39.522Z", "dateUpdated": "2024-09-27T19:19:33.579Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SiteSentinel", "vendor": "OPW Fuel Managements Systems", "versions": [{"lessThan": "17Q2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges.\n\n<br>"}], "value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-09-27T16:33:39.522Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>OPW Fuel Management Systems' parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.</p>\n<p>DFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.</p>\n<p>The software is available to authorized service providers for DFS products. Users should <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/contact-us\">contact DFS</a></p> service providers to have the software on their system upgraded or changed.\n\n<br>"}], "value": "OPW Fuel Management Systems' parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.\n\n\nDFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.\n\n\nThe software is available to authorized service providers for DFS products. Users should  contact DFS https://www.doverfuelingsolutions.com/contact-us \n\n service providers to have the software on their system upgraded or changed."}], "source": {"advisory": "ICSA-24-268-01", "discovery": "EXTERNAL"}, "title": "OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "opwglobal", "product": "sitesentinel_firmware", "cpes": ["cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "17q2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T18:45:08.451522Z", "id": "CVE-2024-8310", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T19:19:33.579Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8310", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-27T18:45:08.451522Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:opwglobal:sitesentinel_firmware:*:*:*:*:*:*:*:*"], "vendor": "opwglobal", "product": "sitesentinel_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "17q2.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T19:17:52.703Z"}}], "cna": {"title": "OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function", "source": {"advisory": "ICSA-24-268-01", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Pedro Umbelino of Bitsight reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OPW Fuel Managements Systems", "product": "SiteSentinel", "versions": [{"status": "affected", "version": "0", "lessThan": "17Q2.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "OPW Fuel Management Systems' parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.\n\n\nDFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.\n\n\nThe software is available to authorized service providers for DFS products. Users should  contact DFS https://www.doverfuelingsolutions.com/contact-us \n\n service providers to have the software on their system upgraded or changed.", "supportingMedia": [{"type": "text/html", "value": "<p>OPW Fuel Management Systems' parent company, Dover Fueling Systems \n(DFS), recommends users install all versions of the product behind a \nfirewall as primary protection.</p>\n<p>DFS recommends user running versions prior to V17Q.2.1 upgrade to \nV17Q.2.1. Users with products that were distributed with versions newer \nthan V17Q.2.1 should contact DFS using the link below to confirm that \ntheir build has the required fixes.</p>\n<p>The software is available to authorized service providers for DFS products. Users should <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/contact-us\">contact DFS</a></p> service providers to have the software on their system upgraded or changed.\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges.", "supportingMedia": [{"type": "text/html", "value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges.\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-09-27T16:33:39.522Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8310", "state": "PUBLISHED", "dateUpdated": "2024-09-27T19:19:33.579Z", "dateReserved": "2024-08-29T14:29:19.568Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-09-27T16:33:39.522Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OPW Fuel Management Systems SiteSentinel \ncould allow an attacker to bypass authentication to the server and obtain full admin privileges."}, {"lang": "es", "value": "OPW Fuel Management Systems SiteSentinel podr\u00edan permitir que un atacante eluda la autenticaci\u00f3n en el servidor y obtenga privilegios de administrador completos."}], "id": "CVE-2024-8310", "lastModified": "2024-09-30T12:45:57.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-09-27T17:15:13.970", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}