First published: Thu Aug 31 2023
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Digi Realport | <=1.9-40 | |
Digi Realport | <=4.8.488.0 | |
Digi Connectport Ts 8/16 Firmware | <2.26.2.4 | |
Digi Connectport Ts 8/16 | ||
Digi Passport Firmware | ||
Digi Passport | ||
Digi Connectport Lts 8/16/32 Firmware | <1.4.9 | |
Digi Connectport Lts 8/16/32 | ||
Digi Cm Firmware | ||
Digi Cm | ||
Digi Portserver Ts Firmware | ||
Digi Portserver Ts | ||
Digi Portserver Ts Mei Firmware | ||
Digi Portserver Ts Mei | ||
Digi Portserver Ts Mei Hardened Firmware | ||
Digi Portserver Ts Mei Hardened | ||
Digi Portserver Ts M Mei Firmware | ||
Digi Portserver Ts M Mei | ||
Digi Portserver Ts P Mei Firmware | ||
Digi Portserver Ts P Mei | ||
Digi One Iap Firmware | ||
Digi One Iap | ||
Digi One Ia Firmware | ||
Digi One Ia | ||
Digi One Sp Ia Firmware | ||
Digi One Sp Ia | ||
Digi One Sp Firmware | ||
Digi One Sp | ||
Digi Wr31 Firmware | ||
Digi Wr31 | ||
Digi Transport Wr11 Xt Firmware | ||
Digi Transport Wr11 Xt | ||
Digi Wr44 R Firmware | ||
Digi Wr44 R | ||
Digi Wr21 Firmware | ||
Digi Wr21 | ||
Digi Connect Es Firmware | <2.26.2.4 | |
Digi Connect Es | ||
Digi Connect Sp Firmware | ||
Digi Connect Sp | ||
Digi International, Inc. Digi RealPort for Windows: version 4.8.488.0 and earlier | ||
Digi International, Inc. Digi RealPort for Linux: version 1.9-40 and earlier | ||
Digi International, Inc. Digi ConnectPort TS 8/16: versions prior to 2.26.2.4 | ||
Digi International, Inc. Digi Passport Console Server: all versions | ||
Digi International, Inc. Digi ConnectPort LTS 8/16/32: versions prior to 1.4.9 | ||
Digi International, Inc. Digi CM Console Server: all versions | ||
Digi International, Inc. Digi PortServer TS: all versions | ||
Digi International, Inc. Digi PortServer TS MEI: all versions | ||
Digi International, Inc. Digi PortServer TS MEI Hardened: all versions | ||
Digi International, Inc. Digi PortServer TS M MEI: all versions | ||
Digi International, Inc. Digi PortServer TS P MEI: all versions | ||
Digi International, Inc. Digi One IAP Family: all versions | ||
Digi International, Inc. Digi One IA: all versions | ||
Digi International, Inc. Digi One SP IA: all versions | ||
Digi International, Inc. Digi One SP: all versions | ||
Digi International, Inc. Digi WR31: all versions | ||
Digi International, Inc. Digi WR11 XT: all versions | ||
Digi International, Inc. Digi WR44 R: all versions | ||
Digi International, Inc. Digi WR21: all versions | ||
Digi International, Inc. Digi Connect ES: versions prior to 2.26.2.4 | ||
Digi International, Inc. Digi Connect SP: all versions | ||

Digi International recommends users acquire and install patches that they have made available for the following products:

* RealPort software for Windows: Fixed in 4.10.490
* Digi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4
* Digi ConnectPort LTS 8/16/32: Fixed in version 1.4.9
* Digi Connect ES: Fixed in firmware version 2.26.2.4

For more information, see the customer notification document https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf published by Digi International.
This vulnerability is tracked as CVE-2023-4299.
The severity level of CVE-2023-4299 is critical, with a severity value of 8.1.
Software affected by CVE-2023-4299 includes Digi RealPort Protocol, Digi Connectport Ts 8/16 Firmware, Digi Connectport Lts 8/16/32 Firmware, Digi Cm Firmware, Digi Portserver Ts Firmware, Digi Portserver Ts Mei Firmware, Digi Portserver Ts Mei Hardened Firmware, Digi Portserver Ts M Mei Firmware, Digi Portserver Ts P Mei Firmware, Digi One Iap Firmware, Digi One Ia Firmware, Digi One Sp Ia Firmware, Digi One Sp Firmware, Digi Wr31 Firmware, Digi Transport Wr11 Xt Firmware, Digi Wr44 R Firmware, Digi Wr21 Firmware, Digi Connect Es Firmware, and Digi Connect Sp Firmware.
The vulnerability allows an attacker to perform a replay attack and bypass authentication to access connected equipment.
You can find more information about CVE-2023-4299 at the following references: [Reference 1](https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04), [Reference 2](https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf).