David Castro

**Name of the Vulnerable Software and Affected Versions** CirCarLife Scada versions prior to 4.3 **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved by making a direct request for specific URI endpoints, such as "html/log" or "services/system/info.html". **Recommendations** For versions prior to 4.3, update to version 4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Lutron Quantum BACnet Integration version 2.0 (firmware 3.2.243) **Description** The issue concerns a lack of proper user authentication, leading to the disclosure of internal network information. Specifically, the "/deviceIP" information is accessible without correct user authentication. **Recommendations** For Lutron Quantum BACnet Integration version 2.0 (firmware 3.2.243), consider restricting access to the "/deviceIP" information until a patch is available. As a temporary workaround, ensure that the network on which the device is located is properly secured to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.