CVE-2024-42408

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dorsettcontrols:infoscan:1.32:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.33:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.35:*:*:*:*:*:*:*

History

29 Aug 2024, 14:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 3.7
CPE cpe:2.3:a:dorsettcontrols:infoscan:1.33:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.32:*:*:*:*:*:*:*
cpe:2.3:a:dorsettcontrols:infoscan:1.35:*:*:*:*:*:*:*
Summary
  • (es) La página de descarga del cliente InfoScan se puede interceptar con un proxy para exponer los nombres de archivos ubicados en el sistema, lo que podría provocar la exposición de información adicional.
First Time Dorsettcontrols infoscan
Dorsettcontrols
References () https://portal.dtscada.com/#/security-bulletins?bulletin=1 - () https://portal.dtscada.com/#/security-bulletins?bulletin=1 - Vendor Advisory
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01 - Third Party Advisory, US Government Resource

08 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 18:15

Updated : 2024-08-29 14:22


NVD link : CVE-2024-42408

Mitre link : CVE-2024-42408

CVE.ORG link : CVE-2024-42408


JSON object : View

Products Affected

dorsettcontrols

  • infoscan
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')