CVE-2024-39287

Summary

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.

Affected Software

VendorProductVersion RangeStatus
Dorsett ControlsInfoScanv1.32affected
Dorsett ControlsInfoScanv1.33affected
Dorsett ControlsInfoScanv1.35affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References