{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4299", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-08-10T20:14:27.489Z", "datePublished": "2023-08-31T20:45:43.866Z", "dateUpdated": "2025-01-16T21:30:37.810Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Digi RealPort", "vendor": "Digi International ", "versions": [{"lessThanOrEqual": "4.8.488.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Digi RealPort", "vendor": "Digi International ", "versions": [{"lessThanOrEqual": "1.9-40", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi ConnectPort TS 8/16", "vendor": "Digi International ", "versions": [{"lessThan": "2.26.2.4", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi Passport Console Server", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi ConnectPort LTS 8/16/32", "vendor": "Digi International ", "versions": [{"lessThan": "1.4.9", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi CM Console Server", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS MEI", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS MEI Hardened", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS M MEI", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS P MEI", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi One IAP Family", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi One IA", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi One SP IA", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "\u200bDigi One SP", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR31", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR11 XT", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR44 R", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR21", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi Connect ES", "vendor": "Digi International ", "versions": [{"lessThan": "2.26.2.4", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi Connect SP", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi 6350-SR", "vendor": "Digi International ", "versions": [{"status": "unaffected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi ConnectCore 8X products", "vendor": "Digi International ", "versions": [{"status": "unaffected", "version": "all versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos, Inc reported this vulnerability to Digi International."}], "datePublic": "2023-08-31T20:29:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.</span>\n\n"}], "value": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-836", "description": "CWE-836", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-08-31T20:45:43.866Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"}, {"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Digi International recommends users acquire and install patches that they have made available for the following products:</p><ul><li>\u200bRealPort software for Windows: Fixed in 4.10.490</li><li>\u200bDigi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4</li><li>\u200bDigi ConnectPort LTS 8/16/32: Fixed in version 1.4.9</li><li>\u200bDigi Connect ES: Fixed in firmware version 2.26.2.4</li></ul><p>\u200bFor more information, see the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf\">customer notification document</a>&nbsp;published by Digi International.</p>\n\n<br>"}], "value": "\nDigi International recommends users acquire and install patches that they have made available for the following products:\n\n * \u200bRealPort software for Windows: Fixed in 4.10.490\n * \u200bDigi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4\n * \u200bDigi ConnectPort LTS 8/16/32: Fixed in version 1.4.9\n * \u200bDigi Connect ES: Fixed in firmware version 2.26.2.4\n\n\n\u200bFor more information, see the customer notification document https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf \u00a0published by Digi International.\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Dragos recommends restricting access to Digi devices on TCP/771 (default) or TCP/1027 (if encryption is enabled, this is the default port). Only allow the workstations which initiate RealPort connections to communicate to the field equipment on those ports. Note that most of Digi's devices allow you to change the setting for which TCP port the RealPort service runs on, so end users should consult their device configuration and restrict access to the configured port if it is not the default.</p><p>\u200bIf using the system in 'reverse' mode, where the Digi device calls back to the Windows or Linux workstation, then Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may be configured by end users, so consult the workstation and device configurations to ensure coverage.</p>\n\n<br>"}], "value": "\nDragos recommends restricting access to Digi devices on TCP/771 (default) or TCP/1027 (if encryption is enabled, this is the default port). Only allow the workstations which initiate RealPort connections to communicate to the field equipment on those ports. Note that most of Digi's devices allow you to change the setting for which TCP port the RealPort service runs on, so end users should consult their device configuration and restrict access to the configured port if it is not the default.\n\n\u200bIf using the system in 'reverse' mode, where the Digi device calls back to the Windows or Linux workstation, then Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may be configured by end users, so consult the workstation and device configurations to ensure coverage.\n\n\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.616Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04", "tags": ["x_transferred"]}, {"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T21:20:30.564576Z", "id": "CVE-2023-4299", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:30:37.810Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4299", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-08-10T20:14:27.489Z", "datePublished": "2023-08-31T20:45:43.866Z", "dateUpdated": "2025-01-16T21:30:37.810Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Digi RealPort", "vendor": "Digi International ", "versions": [{"lessThanOrEqual": "4.8.488.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Digi RealPort", "vendor": "Digi International ", "versions": [{"lessThanOrEqual": "1.9-40", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi ConnectPort TS 8/16", "vendor": "Digi International ", "versions": [{"lessThan": "2.26.2.4", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi Passport Console Server", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi ConnectPort LTS 8/16/32", "vendor": "Digi International ", "versions": [{"lessThan": "1.4.9", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi CM Console Server", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS MEI", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS MEI Hardened", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS M MEI", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi PortServer TS P MEI", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi One IAP Family", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi One IA", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi One SP IA", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "\u200bDigi One SP", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR31", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR11 XT", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR44 R", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi WR21", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi Connect ES", "vendor": "Digi International ", "versions": [{"lessThan": "2.26.2.4", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Digi Connect SP", "vendor": "Digi International ", "versions": [{"status": "affected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi 6350-SR", "vendor": "Digi International ", "versions": [{"status": "unaffected", "version": "all versions"}]}, {"defaultStatus": "unaffected", "product": "Digi ConnectCore 8X products", "vendor": "Digi International ", "versions": [{"status": "unaffected", "version": "all versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos, Inc reported this vulnerability to Digi International."}], "datePublic": "2023-08-31T20:29:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.</span>\n\n"}], "value": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-836", "description": "CWE-836", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-08-31T20:45:43.866Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"}, {"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Digi International recommends users acquire and install patches that they have made available for the following products:</p><ul><li>\u200bRealPort software for Windows: Fixed in 4.10.490</li><li>\u200bDigi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4</li><li>\u200bDigi ConnectPort LTS 8/16/32: Fixed in version 1.4.9</li><li>\u200bDigi Connect ES: Fixed in firmware version 2.26.2.4</li></ul><p>\u200bFor more information, see the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf\">customer notification document</a>&nbsp;published by Digi International.</p>\n\n<br>"}], "value": "\nDigi International recommends users acquire and install patches that they have made available for the following products:\n\n * \u200bRealPort software for Windows: Fixed in 4.10.490\n * \u200bDigi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4\n * \u200bDigi ConnectPort LTS 8/16/32: Fixed in version 1.4.9\n * \u200bDigi Connect ES: Fixed in firmware version 2.26.2.4\n\n\n\u200bFor more information, see the customer notification document https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf \u00a0published by Digi International.\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Dragos recommends restricting access to Digi devices on TCP/771 (default) or TCP/1027 (if encryption is enabled, this is the default port). Only allow the workstations which initiate RealPort connections to communicate to the field equipment on those ports. Note that most of Digi's devices allow you to change the setting for which TCP port the RealPort service runs on, so end users should consult their device configuration and restrict access to the configured port if it is not the default.</p><p>\u200bIf using the system in 'reverse' mode, where the Digi device calls back to the Windows or Linux workstation, then Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may be configured by end users, so consult the workstation and device configurations to ensure coverage.</p>\n\n<br>"}], "value": "\nDragos recommends restricting access to Digi devices on TCP/771 (default) or TCP/1027 (if encryption is enabled, this is the default port). Only allow the workstations which initiate RealPort connections to communicate to the field equipment on those ports. Note that most of Digi's devices allow you to change the setting for which TCP port the RealPort service runs on, so end users should consult their device configuration and restrict access to the configured port if it is not the default.\n\n\u200bIf using the system in 'reverse' mode, where the Digi device calls back to the Windows or Linux workstation, then Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may be configured by end users, so consult the workstation and device configurations to ensure coverage.\n\n\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.616Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04", "tags": ["x_transferred"]}, {"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4299", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-16T21:20:30.564576Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:20:32.075Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*", "matchCriteriaId": "D59A75BB-9159-4631-BC71-39969604EB41", "versionEndIncluding": "1.9-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4051C215-7A7D-44AF-8194-ABB054C8C0AA", "versionEndIncluding": "4.8.488.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:connectport_ts_8\\/16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "140FCBA8-D74A-4889-9581-2A1E354DE70B", "versionEndExcluding": "2.26.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:connectport_ts_8\\/16:-:*:*:*:*:*:*:*", "matchCriteriaId": "E90551D8-A6FF-40EE-BE92-C60D3CCF9FD6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "42EC9732-7287-4295-9A45-BAEB9C3D7D52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6129E3F-BB64-47B1-8041-F955CAD1A139", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:connectport_lts_8\\/16\\/32_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4974BD84-B144-45C6-BA1D-E651FA93F8C1", "versionEndExcluding": "1.4.9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:connectport_lts_8\\/16\\/32:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0620D1B-2856-4EDC-9BD4-F450375EF2B6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "580B6AD7-98A4-4656-BC4B-EEBC15D86BFA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A9DDFA4-8F21-47E4-97D0-3B135072E273", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89CC1603-A6ED-48A2-AC9B-EC11F00E0C02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE6377CC-097B-4775-9964-338A3CFA87CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACE660D5-F5D8-4449-9A11-61A290E8B6A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8206DA8-2823-4116-9E76-975C9A3F2EF7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A1C8BFC-EA8C-45A9-8391-A578BD2129BB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*", "matchCriteriaId": "817E2152-5A72-4B88-A1A1-8CFEFA134979", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "70583280-A89A-470B-B8C3-DF8151F43D79", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FC7BF4B-3C56-44B2-8933-E24ACCA000E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "07964E3F-C71E-455C-90C1-E59350924F92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*", "matchCriteriaId": "C711FEFA-0A37-4B97-AAC0-D0330D9F5E55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "01501047-CD6D-490C-984E-441939D077A4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CF501FC-E102-4D8D-A2B7-6F9D0F444959", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E409760-A00D-4485-BACD-5EE5453BA1BA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BE8C4FB-9DB5-4A32-8EFC-69B746BF2E33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AB7FF5F-02DE-4848-AA66-9F71CEBEDB5B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6B2D2BF-01FA-4F15-A747-CB315E27E94E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "61E623C5-610E-4B76-81DE-94B9783E3B17", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "85CDFA6C-067B-4D3B-8448-034286F36E69", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "24D3E7C4-92B1-4C98-A9EE-0D1B0F00914D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9F02872-5C53-419B-902C-4906E546C8B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "76684195-7836-4EDF-AE59-CB4A5CE938AD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D08ACA8-BF3A-4401-AB11-1D92CA7933A1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5E08FD-5872-4E42-BDA7-2B15CF49C06D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FE33679-08C1-4133-8D51-05B1EBC21B99", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EC0E5E9-FBFE-4C99-9C68-6322B255BE88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36063F6A-E10E-45FF-98D4-F90A995428C5", "versionEndExcluding": "2.26.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EF02532-005E-4246-AA51-DAC2EA1726FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9732CC2E-BD0F-4528-819C-A214B4810C2B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAF15AE4-A3AD-4AB2-AFCA-05C1946972F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\n\n"}, {"lang": "es", "value": "El protocolo Digi RealPort es vulnerable a un ataque de repetici\u00f3n que puede permitir a un atacante saltarse la autenticaci\u00f3n para acceder a los equipos conectados. "}], "id": "CVE-2023-4299", "lastModified": "2024-11-21T08:34:48.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-31T21:15:09.183", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-836"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{}