Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Warns of Flaws in Dorsett Controls

August 8, 2024
Reading Time: 2 mins read
in Alerts

CISA, in collaboration with an anonymous researcher, released an Industrial Control Systems (ICS) advisory highlighting vulnerabilities in the Dorsett Controls InfoScan system. The advisory warns that these security issues, affecting InfoScan versions 1.32, 1.33, and 1.35, could lead to unauthorized access to sensitive information. The vulnerabilities are linked to exposure of sensitive information and improper limitation of pathnames, allowing potential attackers to access sensitive files or retrieve information about system files without authorization.

The advisory identifies three specific Common Vulnerabilities and Exposures (CVEs): CVE-2024-42493, CVE-2024-42408, and CVE-2024-39287. The first CVE involves a flaw that allows sensitive data exposure before user login, primarily via response headers and JavaScript. The second vulnerability is a path traversal issue, where attackers can intercept client download requests to reveal filenames on the system. The third CVE warns of an unprotected server file containing passwords and API keys, which could lead to credential misuse.

These vulnerabilities represent significant risks to the Water and Wastewater Systems sector in the United States. An exploit could lead to data theft, unauthorized access, and potential further attacks on critical infrastructure. Given the low complexity and remote exploitability of these issues, CISA has assigned a CVSS v4 score of 6.9 for each vulnerability, indicating a high-risk potential that needs immediate attention.

To mitigate these risks, Dorsett Controls recommends users update to InfoScan version 1.38 or later. This update is available via the Dorsett Controls Customer Portal, which provides detailed installation instructions. CISA also urges administrators to isolate control system networks, employ secure access methods like VPNs, and conduct thorough risk assessments before deploying any defensive measures. These steps are critical for minimizing potential exposure and securing ICS environments from exploitation.

 

Reference:

  • CISA Warns on Dorsett InfoScan Vulnerabilities Amid Critical ICS Risks

Tags: August 2024CISACyber AlertsCyber Alerts 2024Cyber threatsDorsett Controls InfoScan systemIndustrial Controls SystemsUnited States
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial