7.5
CVE-2024-39287
- EPSS 0.33%
- Veröffentlicht 08.08.2024 18:15:10
- Zuletzt bearbeitet 29.08.2024 14:23:31
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginDorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dorsettcontrols ≫ Infoscan Version1.32
Dorsettcontrols ≫ Infoscan Version1.33
Dorsettcontrols ≫ Infoscan Version1.35
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.249 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://portal.dtscada.com/#/security-bulletins?bulletin=1
https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01