Lucene search

IcscertCVELIST:CVE-2024-42493

HistoryAug 08, 2024 - 5:23 p.m.

CVE-2024-42493 Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor

2024-08-0817:23:04

CWE-200

icscert

www.cve.org

dorsett controls

infoscan

sensitive information

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

17.7%

JSON

Dorsett Controls InfoScan is vulnerable due to a leak of possible
sensitive information through the response headers and the rendered
JavaScript prior to user login.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "InfoScan",
    "vendor": "Dorsett Controls",
    "versions": [
      {
        "status": "affected",
        "version": "v1.32"
      },
      {
        "status": "affected",
        "version": "v1.33"
      },
      {
        "status": "affected",
        "version": "v1.35"
      }
    ]
  }
]

References

portal.dtscada.com/#/security-bulletins?bulletin=1

www.cisa.gov/news-events/ics-advisories/icsa-24-221-01

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

17.7%

JSON

Related for CVELIST:CVE-2024-42493