Lucene search

IcscertCVELIST:CVE-2024-42408

HistoryAug 08, 2024 - 5:27 p.m.

CVE-2024-42408 Dorsett Controls InfoScan Path Traversal

2024-08-0817:27:17

CWE-22

icscert

www.cve.org

path traversal

dorsett controls

proxy interception

information exposure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

18.3%

JSON

The InfoScan client download page can be intercepted with a proxy, to
expose filenames located on the system, which could lead to additional
information exposure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "InfoScan",
    "vendor": "Dorsett Controls",
    "versions": [
      {
        "status": "affected",
        "version": "v1.32"
      },
      {
        "status": "affected",
        "version": "v1.33"
      },
      {
        "status": "affected",
        "version": "v1.35"
      }
    ]
  }
]

References

portal.dtscada.com/#/security-bulletins?bulletin=1

www.cisa.gov/news-events/ics-advisories/icsa-24-221-01

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

18.3%

JSON

Related for CVELIST:CVE-2024-42408