CVE-2024-42493

Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dorsettcontrols:infoscan:1.32:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.33:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.35:*:*:*:*:*:*:*

History

29 Aug 2024, 14:24

Type Values Removed Values Added
Summary
  • (es) Dorsett Controls InfoScan es vulnerable debido a una filtración de posible información confidencial a través de los encabezados de respuesta y el JavaScript renderizado antes del inicio de sesión del usuario.
CPE cpe:2.3:a:dorsettcontrols:infoscan:1.33:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.35:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.32:*:*:*:*:*:*:*
First Time Dorsettcontrols
Dorsettcontrols infoscan
References () https://portal.dtscada.com/#/security-bulletins?bulletin=1 - () https://portal.dtscada.com/#/security-bulletins?bulletin=1 - Vendor Advisory
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01 - Third Party Advisory, US Government Resource
CWE NVD-CWE-noinfo

08 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 18:15

Updated : 2024-08-29 14:24


NVD link : CVE-2024-42493

Mitre link : CVE-2024-42493

CVE.ORG link : CVE-2024-42493


JSON object : View

Products Affected

dorsettcontrols

  • infoscan
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor