Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Published

2023-08-31T21:15:09.183

Last Modified

2024-11-21T08:34:48.760

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses

Type: Primary
CWE-836

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	digi	realport	≤ 1.9-40	Yes
Application	digi	realport	≤ 4.8.488.0	Yes
Operating System	digi	connectport_ts_8\/16_firmware	< 2.26.2.4	Yes
Hardware	digi	connectport_ts_8\/16	-	No
Operating System	digi	passport_firmware	-	Yes
Hardware	digi	passport	-	No
Operating System	digi	connectport_lts_8\/16\/32_firmware	< 1.4.9	Yes
Hardware	digi	connectport_lts_8\/16\/32	-	No
Operating System	digi	cm_firmware	-	Yes
Hardware	digi	cm	-	No
Operating System	digi	portserver_ts_firmware	-	Yes
Hardware	digi	portserver_ts	-	No
Operating System	digi	portserver_ts_mei_firmware	-	Yes
Hardware	digi	portserver_ts_mei	-	No
Operating System	digi	portserver_ts_mei_hardened_firmware	-	Yes
Hardware	digi	portserver_ts_mei_hardened	-	No
Operating System	digi	portserver_ts_m_mei_firmware	-	Yes
Hardware	digi	portserver_ts_m_mei	-	No
Operating System	digi	portserver_ts_p_mei_firmware	-	Yes
Hardware	digi	portserver_ts_p_mei	-	No
Operating System	digi	one_iap_firmware	-	Yes
Hardware	digi	one_iap	-	No
Operating System	digi	one_ia_firmware	-	Yes
Hardware	digi	one_ia	-	No
Operating System	digi	one_sp_ia_firmware	-	Yes
Hardware	digi	one_sp_ia	-	No
Operating System	digi	one_sp_firmware	-	Yes
Hardware	digi	one_sp	-	No
Operating System	digi	wr31_firmware	-	Yes
Hardware	digi	wr31	-	No
Operating System	digi	transport_wr11_xt_firmware	-	Yes
Hardware	digi	transport_wr11_xt	-	No
Operating System	digi	wr44_r_firmware	-	Yes
Hardware	digi	wr44_r	-	No
Operating System	digi	wr21_firmware	-	Yes
Hardware	digi	wr21	-	No
Operating System	digi	connect_es_firmware	< 2.26.2.4	Yes
Hardware	digi	connect_es	-	No
Operating System	digi	connect_sp_firmware	-	Yes
Hardware	digi	connect_sp	-	No

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 Third Party Advisory, US Government Resource ([email protected])
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf Vendor Advisory ([email protected])
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)