First published: Thu Aug 04 2022(Updated: )
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Digi Connectport X2d Firmware | <2020-01-01 | |
Digi Connectport X2d | ||
Digi International, Inc. Digi ConnectPort X2D Gateway: All firmware versions in devices manufactured prior to January 2020 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-2634 is critical with a CVSS score of 9.8.
An attacker may be able to execute malicious actions and upload Python files that can be later executed.
Digi Connectport X2d Firmware versions up to and excluding 2020-01-01 are affected.
To fix CVE-2022-2634, it is recommended to implement device access protections and secure device permissions when using the web application.
More information about CVE-2022-2634 can be found at the following reference link: [https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01]