Sadfud

**Name of the Vulnerable Software and Affected Versions** CIRCONTROL CirCarLife versions prior to 4.3 **Description** An issue was discovered due to the lack of authentication for the "/html/repository" API endpoint, leading to internal installation path disclosure. **Recommendations** For versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/html/repository" API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CIRCONTROL CirCarLife versions prior to 4.3 **Description** An issue was discovered that allows PLC status disclosure due to a lack of authentication for the "/html/devstat.html" API endpoint. **Recommendations** For versions prior to 4.3, update to version 4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CIRCONTROL CirCarLife versions prior to 4.3 **Description** An issue was discovered that leads to system software information disclosure due to a lack of authentication for the "/html/device-id" API endpoint. **Recommendations** For versions prior to 4.3, update to version 4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Lutron Quantum BACnet Integration version 2.0 (firmware 3.2.243) **Description** The issue concerns a lack of proper user authentication, leading to the disclosure of internal network information. Specifically, the "/deviceIP" information is accessible without correct user authentication. **Recommendations** For Lutron Quantum BACnet Integration version 2.0 (firmware 3.2.243), consider restricting access to the "/deviceIP" information until a patch is available. As a temporary workaround, ensure that the network on which the device is located is properly secured to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.