CVE-2024-42493
📋 TL;DR
Dorsett Controls InfoScan leaks potentially sensitive information through response headers and JavaScript before user authentication. This allows attackers to gather reconnaissance data about the system without credentials. Organizations using vulnerable versions of InfoScan are affected.
💻 Affected Systems
- Dorsett Controls InfoScan
📦 What is this software?
Infoscan by Dorsettcontrols
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain sensitive system information that enables further attacks like authentication bypass or targeted exploitation of other vulnerabilities.
Likely Case
Information disclosure that reveals system details, software versions, or internal paths, aiding attackers in reconnaissance for future attacks.
If Mitigated
Limited information exposure with no direct system compromise if proper network segmentation and access controls are implemented.
🎯 Exploit Status
Exploitation requires no authentication and involves simple HTTP requests to extract information from headers and JavaScript responses.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://portal.dtscada.com/#/security-bulletins?bulletin=1
Restart Required: Yes
Instructions:
1. Review vendor advisory at provided URL.
2. Download and apply the recommended patch/update from Dorsett Controls.
3. Restart the InfoScan service/application.
4. Verify the fix using verification steps.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to InfoScan to only trusted IP addresses/networks
Use firewall rules to limit access (e.g., iptables, Windows Firewall)
Reverse Proxy Filtering
Deploy a reverse proxy to filter sensitive headers from responses
Configure web server (Apache/Nginx) or WAF to remove sensitive headers
🧯 If You Can't Patch
- Implement strict network segmentation to isolate InfoScan from untrusted networks
- Deploy a web application firewall (WAF) configured to detect and block information disclosure attempts
🔍 How to Verify
Check if Vulnerable:
Send HTTP requests to the InfoScan login page and examine the response headers and JavaScript content for sensitive information returned before authentication.
Check Version:
Check InfoScan version through application interface or consult vendor documentation
Verify Fix Applied:
After patching, repeat the check to confirm sensitive information is no longer exposed in headers or JavaScript
📡 Detection & Monitoring
Log Indicators:
- Unusual volume of requests to login page from single sources
- Requests that specifically analyze response headers
Network Indicators:
- HTTP traffic to InfoScan login endpoints with header analysis patterns
- Repeated unauthenticated requests from external IPs
SIEM Query:
source_ip=external AND (destination_port=80 OR destination_port=443) AND uri_path CONTAINS 'login' AND (user_agent CONTAINS 'curl' OR user_agent CONTAINS 'wget' OR user_agent CONTAINS 'scanner')
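The SIEM query and the "unusual volume of requests to login page" indicator above, applied to access-log lines with the port and user-agent terms treated as explicit OR groups. This is an added example, not code from the vendor or the advisory; the log line format, the trusted network range, the threshold and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, not real InfoScan logs. Assumed format:
#   src_ip dst_port "METHOD path PROTO" status "user-agent"
SAMPLE_LOG = """\
203.0.113.7 443 "GET /login HTTP/1.1" 200 "curl/8.5.0"
203.0.113.7 443 "GET /login HTTP/1.1" 200 "curl/8.5.0"
203.0.113.7 443 "GET /login HTTP/1.1" 200 "curl/8.5.0"
198.51.100.20 443 "GET /login HTTP/1.1" 200 "Mozilla/5.0"
10.0.4.12 443 "GET /login HTTP/1.1" 200 "Wget/1.21"
192.0.2.55 80 "GET /login.js HTTP/1.1" 200 "ExampleScanner/1.0"
192.0.2.55 8080 "GET /status HTTP/1.1" 200 "ExampleScanner/1.0"
"""

LINE_RE = re.compile(r'^(\S+) (\d+) "\S+ (\S+)[^"]*" \d{3} "([^"]*)"$')
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site-specific
TOOL_MARKERS = ("curl", "wget", "scanner")           # terms from the SIEM query
WEB_PORTS = {80, 443}


def is_external(ip):
    """True when the source is outside every trusted network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETS)


def analyze(log_text, volume_threshold=3):
    """Return (sources matching the query, sources at/over the login-request threshold)."""
    tool_sources, login_counts = set(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, port, path, agent = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        # Shared conditions: external source AND web port AND login path.
        if not (is_external(ip) and port in WEB_PORTS and "login" in path.lower()):
            continue
        login_counts[ip] += 1
        # The user-agent terms form one OR group, ANDed with the rest.
        if any(marker in agent.lower() for marker in TOOL_MARKERS):
            tool_sources.add(ip)
    noisy = {ip: n for ip, n in login_counts.items() if n >= volume_threshold}
    return sorted(tool_sources), noisy


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The internal `Wget` request and the scanner request to port 8080 are both excluded, which the ungrouped form of the query would not guarantee.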