CVE-2024-39287

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dorsettcontrols:infoscan:1.32:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.33:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.35:*:*:*:*:*:*:*

History

29 Aug 2024, 14:23

Type Values Removed Values Added
Summary
  • (es) El servidor de actualización de Dorsett Controls Central Server tiene posibles fugas de información con un archivo desprotegido que contiene contraseñas y claves API.
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:dorsettcontrols:infoscan:1.33:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.35:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.32:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Dorsettcontrols
Dorsettcontrols infoscan
References () https://portal.dtscada.com/#/security-bulletins?bulletin=1 - () https://portal.dtscada.com/#/security-bulletins?bulletin=1 - Vendor Advisory
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01 - Third Party Advisory, US Government Resource

08 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 18:15

Updated : 2024-08-29 14:23


NVD link : CVE-2024-39287

Mitre link : CVE-2024-39287

CVE.ORG link : CVE-2024-39287


JSON object : View

Products Affected

dorsettcontrols

  • infoscan
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor