The U.S. Cybersecurity and Infrastructure Security Agency has published a high-severity advisory warning that three vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX fuel-tank monitors can be exploited remotely to seize administrative control, steal cryptographic keys, or disable critical telemetry. The affected models — MagLink LX 4, Plus, and Ultimate — are deployed globally at retail and commercial fueling sites, where they measure fuel levels, detect water, and feed data into inventory and point-of-sale systems. All three flaws have patches available, and CISA urges operators to update firmware immediately while layering on network defenses.

The vulnerabilities: integer overflow, a hardcoded key, and unchangeable root credentials

CISA’s advisory (ICSA-25-261-07) details three separate weaknesses, each carrying a CVSS base score of 8.2 or higher. Together they create multiple paths for an attacker with network access to compromise a MagLink LX console.

CVE-2025-55068 — Integer overflow in Unix time handling (CVSS v3 8.2)
The firmware mishandles Unix timestamps beyond a certain range. An attacker who can alter the device’s system time — for example, by setting it to a date far in the future — can trigger authentication errors and cause a denial-of-service condition. While this vulnerability alone may only disrupt operations, an attacker could use it to mask other malicious activity or force a reboot that opens a window for further exploitation.

CVE-2025-54807 — Hardcoded cryptographic signing key (CVSS v3 9.8)
The secret used to validate authentication tokens is baked into the firmware. If an attacker extracts this key — through a firmware dump, memory analysis, or by obtaining a device image — they can forge tokens and bypass all authentication. That yields complete access to the console’s functions: reading tank levels, altering sensor thresholds, deleting files, or installing persistent malware. Because the key is identical across devices, a compromise of one unit endangers every unpatched console.

CVE-2025-30519 — Immutable default root credentials (CVSS v3 9.8)
MagLink LX devices ship with a root account whose password cannot be changed through normal administrative interfaces. An attacker who learns the default credentials (often publicly documented or easily guessed) can log in as root and take full administrative control, including modifying firmware, tampering with telemetry, and pivoting to other networked systems.

All three vulnerabilities are remotely exploitable with low attack complexity and require no user interaction, according to CISA. The researcher credited for discovering and reporting them is Pedro Umbelino of Bitsight TRACE.

What a compromised tank monitor means for your fueling site

A ProGauge MagLink LX sits at a critical junction: it collects readings from in-tank probes and passes data to fuel-management software, inventory systems, and sometimes directly to payment terminals. Because operators rely on these readings for safety (leak detection, overfill prevention) and business decisions (reorder timing, loss prevention), a compromised console can inflict damage well beyond the pump island.

  • Fraud and theft: Altering tank-level data can mask product theft or enable fuel diversion. Inaccurate water-in-fuel readings may allow contaminated fuel to be sold, creating environmental and legal liabilities.
  • Operational paralysis: Deleting configuration files or crashing the console shuts down automated telemetry. Sites must revert to manual measurements, causing delays, lost sales, and potential safety risks.
  • Lateral movement: If the console is connected to the store’s corporate network, attackers can pivot from the compromised device to back-office servers, payment systems, or other OT equipment. Poor network segmentation amplifies this risk.
  • Persistent foothold: An attacker who obtains the hardcoded signing key or root credentials can establish persistent access, surviving reboots and even some firmware updates if the key material isn’t rotated.

CISA’s alert emphasizes that these vulnerabilities are accessible over the network. Any MagLink LX console that is reachable directly from the internet — or from an unsegmented corporate LAN — is an attractive target for automated scanners and targeted attacks alike.

How we got here: a pattern of undefended OT interfaces

The three flaws fit a familiar pattern in industrial control systems: embedded devices designed for isolated environments are later connected to larger networks without adequate security hardening. The MagLink LX series, marketed as a next-generation console with touchscreen interfaces and enhanced connectivity, exposed multiple avenues for compromise because of decisions made during initial development — hardcoded secrets, unchangeable credentials, and incomplete input validation.

This isn’t the first alert for ProGauge devices. Earlier in 2025, CISA released a separate advisory (ICSA-25-168-05) describing a missing-authentication vulnerability (CVE-2025-5310) on an undocumented TCF interface in MagLink LX consoles. That flaw, reported by a different researcher, allowed attackers to manipulate files and achieve remote code execution without credentials. The latest advisory adds three new weaknesses, some of which may overlap or compound the earlier risk. Operators who applied the June 2025 patches should still verify that they have updated to the versions that fix these September 2025 CVEs.

The broader context is sobering. The transportation sector, which includes fueling stations, is classified as critical infrastructure by CISA, yet OT devices frequently run outdated firmware and lack basic security controls. Hardcoded cryptographic keys and immutable default credentials are among the most common vulnerabilities catalogued in ICS-CERT advisories, and they remain accessible to adversaries who scan for exposed industrial protocols.

What to do now: patch, isolate, rotate, and monitor

Dover Fueling Solutions has released firmware updates that address all three CVEs. Operators should treat these updates as urgent and deploy them during the next possible maintenance window, but with the deliberate change-control practices required in operational technology environments.

1. Inventory and patch
- Identify every ProGauge MagLink LX 4, Plus, and Ultimate console on your network and record its current firmware version.
- For LX 4 and Plus models, upgrade to firmware version 4.20.3 or later.
- For Ultimate models, upgrade to version 5.20.3 or later.
- Download firmware images only from the official Dover Fueling Solutions site, and verify checksums before flashing. After updating, confirm that the device boots correctly and resumes normal telemetry.

2. Harden network access
- Remove consoles from direct internet exposure immediately. Place them behind a dedicated OT firewall and restrict inbound connections to trusted management hosts only.
- Segment the fueling-system network from corporate IT networks. Use VLANs and strict access control lists so that even a compromised console cannot reach point-of-sale or back-office systems.
- Disable any unused network services on the console, and block access to known management ports except from authorized jump hosts.

3. Rotate credentials and keys
- After updating firmware, change the root password if the new version allows it. If the device still does not permit changing default credentials, plan to replace it.
- If the firmware update does not automatically replace the hardcoded signing key, contact Dover support to determine whether a key rotation procedure exists. Where possible, generate unique per-device keys to limit the blast radius of a future key extraction.

4. Enhance monitoring and detection
- Enable centralized logging (Syslog or a SIEM collector) for all console management events. Alert on file writes, unexpected reboots, authentication failures, and anomalous time changes.
- Correlate tank-level telemetry with independent sensors or manual readings periodically to detect data manipulation.
- Simulate a loss of console telemetry as a tabletop exercise to ensure fallback procedures are documented and staff are trained.

5. Report and share
- If you suspect a compromise, follow your internal incident response plan and notify your vendor support contact.
- Report confirmed malicious activity to CISA or your national cybersecurity authority for tracking and correlation.

Outlook: the growing attack surface in fuel logistics

The ProGauge advisory is the latest reminder that digitalization in fuel management — while improving efficiency — expands the threat surface in ways that manufacturers and operators must address jointly. As consoles become more connected and feature-rich, the temptation to skip security fundamentals grows, and the consequences for critical infrastructure become more severe.

CISA’s advisory makes clear that these three vulnerabilities are serious but entirely fixable with a firmware update. The real challenge lies in the operational rigor required to apply patches across large fleets of dispersed, always-on devices. Forward-leaning operators will combine the update with network segmentation, credential hygiene, and continuous monitoring — turning a single patch cycle into a durable security improvement.