Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 | Third Party Advisory US Government Resource |
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf | Vendor Advisory |
History
06 Sep 2023, 20:13
Type | Values Removed | Values Added |
---|---|---|
First Time | Digi one Sp Ia Firmware, Digi wr21, Digi one Sp Ia, Digi portserver Ts P Mei Firmware, Digi one Iap, Digi portserver Ts, Digi wr31, Digi portserver Ts Firmware, Digi portserver Ts Mei Hardened Firmware, Digi cm, Digi, Digi one Sp, Digi one Iap Firmware, Digi connect Sp, Digi transport Wr11 Xt Firmware, Digi portserver Ts M Mei, Digi portserver Ts Mei Firmware, Digi connect Es, Digi realport, Digi wr31 Firmware, Digi passport, Digi connectport Ts 8\/16, Digi portserver Ts M Mei Firmware, Digi portserver Ts Mei Hardened, Digi portserver Ts P Mei, Digi connectport Lts 8\/16\/32, Digi transport Wr11 Xt, Digi one Sp Firmware, Digi wr44 R, Digi portserver Ts Mei, Digi passport Firmware, Digi connectport Lts 8\/16\/32 Firmware, Digi connectport Ts 8\/16 Firmware, Digi one Ia, Digi connect Es Firmware, Digi wr44 R Firmware, Digi cm Firmware, Digi connect Sp Firmware, Digi one Ia Firmware, Digi wr21 Firmware | |
CVSS | v2 : , v3 : | v2 : unknown, v3 : 8.1 |
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 - Third Party Advisory, US Government Resource | |
References | (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf - Vendor Advisory | |
CPE | cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:* cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:* cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:* cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:* cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:* cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:* cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:* cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:* cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:* cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:* cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:* cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:* cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:* |
31 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-31 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4299
Mitre link : CVE-2023-4299
CVE.ORG link : CVE-2023-4299
Products Affected
digi
- cm_firmware
- portserver_ts_mei
- portserver_ts_p_mei_firmware
- one_sp
- portserver_ts_mei_hardened
- cm
- connect_sp_firmware
- one_iap
- one_ia
- wr21_firmware
- portserver_ts_m_mei_firmware
- realport
- portserver_ts_firmware
- passport
- one_sp_firmware
- connectport_lts_8\/16\/32_firmware
- connectport_lts_8\/16\/32
- portserver_ts_mei_hardened_firmware
- connectport_ts_8\/16_firmware
- portserver_ts
- connect_es_firmware
- wr31_firmware
- one_sp_ia_firmware
- transport_wr11_xt
- wr21
- portserver_ts_mei_firmware
- connect_sp
- wr31
- wr44_r_firmware
- passport_firmware
- one_ia_firmware
- one_sp_ia
- one_iap_firmware
- transport_wr11_xt_firmware
- portserver_ts_p_mei
- connect_es
- portserver_ts_m_mei
- wr44_r
- connectport_ts_8\/16
CWE
CWE-836
Use of Password Hash Instead of Password for Authentication