Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Warns of Flaws in Dorsett Controls

August 8, 2024
Reading Time: 2 mins read
in Alerts

CISA, in collaboration with an anonymous researcher, released an Industrial Control Systems (ICS) advisory highlighting vulnerabilities in the Dorsett Controls InfoScan system. The advisory warns that these security issues, affecting InfoScan versions 1.32, 1.33, and 1.35, could lead to unauthorized access to sensitive information. The vulnerabilities are linked to exposure of sensitive information and improper limitation of pathnames, allowing potential attackers to access sensitive files or retrieve information about system files without authorization.

The advisory identifies three specific Common Vulnerabilities and Exposures (CVEs): CVE-2024-42493, CVE-2024-42408, and CVE-2024-39287. The first CVE involves a flaw that allows sensitive data exposure before user login, primarily via response headers and JavaScript. The second vulnerability is a path traversal issue, where attackers can intercept client download requests to reveal filenames on the system. The third CVE warns of an unprotected server file containing passwords and API keys, which could lead to credential misuse.

These vulnerabilities represent significant risks to the Water and Wastewater Systems sector in the United States. An exploit could lead to data theft, unauthorized access, and potential further attacks on critical infrastructure. Given the low complexity and remote exploitability of these issues, CISA has assigned a CVSS v4 score of 6.9 for each vulnerability, indicating a high-risk potential that needs immediate attention.

To mitigate these risks, Dorsett Controls recommends users update to InfoScan version 1.38 or later. This update is available via the Dorsett Controls Customer Portal, which provides detailed installation instructions. CISA also urges administrators to isolate control system networks, employ secure access methods like VPNs, and conduct thorough risk assessments before deploying any defensive measures. These steps are critical for minimizing potential exposure and securing ICS environments from exploitation.

 

Reference:

  • CISA Warns on Dorsett InfoScan Vulnerabilities Amid Critical ICS Risks

Tags: August 2024CISACyber AlertsCyber Alerts 2024Cyber threatsDorsett Controls InfoScan systemIndustrial Controls SystemsUnited States
ADVERTISEMENT

Related Posts

Smishing targets routers in Belgium 2025

Smishing targets routers in Belgium 2025

October 2, 2025
Smishing targets routers in Belgium 2025

Outlook Bug Causes Repeated Crashes

October 2, 2025
Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

October 2, 2025
Microsoft Sentinel Unveils AI SIEM

Apple Pushes iPhone and Mac Updates

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

Tesla Fixes TCU Bug With USB Risk

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

EvilAI Malware Posing As AI Tools

October 1, 2025

Latest Alerts

Outlook Bug Causes Repeated Crashes

Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

Tesla Fixes TCU Bug With USB Risk

Apple Pushes iPhone and Mac Updates

EvilAI Malware Posing As AI Tools

Subscribe to our newsletter

    Latest Incidents

    Allianz Life July Breach Hits 1.5M

    Dealership Software Breach Hits 766k

    Suffolk Website Down After Cyber-Attack

    WestJet Confirms Data Breach

    Ransomware Gang Recruits Reporter

    US Surveillance Hack Exposes Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial