CVE-2024-42493 is a medium-severity information disclosure vulnerability affecting Dorsett Controls InfoScan versions 1.32, 1.33, and 1.35. The vulnerability was disclosed on August 8, 2024, via CISA's Industrial Control Systems (ICS) advisory program (ICSA-24-221-01). The issue stems from sensitive information leakage through HTTP response headers and rendered JavaScript content that is accessible prior [truncated]
A vulnerability in Dorsett Controls InfoScan allows network-based attackers to intercept client download page traffic via a proxy, exposing system filenames and potentially enabling further information disclosure. The issue affects InfoScan versions 1.32, 1.33, and 1.35, with a fix available in version 1.38 or later. CISA published this advisory on August 8, 2024 as ICSA-24-221-01. The vulnerability carri [truncated]
The Dorsett Controls InfoScan Central Server update server contains an unprotected file with passwords and API keys, enabling information disclosure to unauthenticated network attackers. The vulnerability was disclosed by CISA on August 8, 2024, with a CVSS 3.1 score of 5.3 (Medium). Affected versions include InfoScan 1.32, 1.33, and 1.35. The vendor has released version 1.38 to remediate this issue.