CVE-2023-4299

EPSS 0.02%
Published 31.08.2023 21:15:09
Last modified 21.11.2024 08:34:48
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Digi ≫ Realport SwPlatformlinux Version <= 1.9-40

Digi ≫ Realport SwPlatformwindows Version <= 4.8.488.0

Digi ≫ Connectport Ts 8/16 Firmware Version < 2.26.2.4

Digi ≫ Connectport Ts 8/16 Version-

Digi ≫ Passport Firmware Version-

Digi ≫ Passport Version-

Digi ≫ Connectport Lts 8/16/32 Firmware Version < 1.4.9

Digi ≫ Connectport Lts 8/16/32 Version-

Digi ≫ Cm Firmware Version-

Digi ≫ Cm Version-

Digi ≫ Portserver Ts Firmware Version-

Digi ≫ Portserver Ts Version-

Digi ≫ Portserver Ts Mei Firmware Version-

Digi ≫ Portserver Ts Mei Version-

Digi ≫ Portserver Ts Mei Hardened Firmware Version-

Digi ≫ Portserver Ts Mei Hardened Version-

Digi ≫ Portserver Ts M Mei Firmware Version-

Digi ≫ Portserver Ts M Mei Version-

Digi ≫ Portserver Ts P Mei Firmware Version-

Digi ≫ Portserver Ts P Mei Version-

Digi ≫ One Iap Firmware Version-

Digi ≫ One Iap Version-

Digi ≫ One Ia Firmware Version-

Digi ≫ One Ia Version-

Digi ≫ One Sp Ia Firmware Version-

Digi ≫ One Sp Ia Version-

Digi ≫ One Sp Firmware Version-

Digi ≫ One Sp Version-

Digi ≫ Wr31 Firmware Version-

Digi ≫ Wr31 Version-

Digi ≫ Transport Wr11 Xt Firmware Version-

Digi ≫ Transport Wr11 Xt Version-

Digi ≫ Wr44 R Firmware Version-

Digi ≫ Wr44 R Version-

Digi ≫ Wr21 Firmware Version-

Digi ≫ Wr21 Version-

Digi ≫ Connect Es Firmware Version < 2.26.2.4

Digi ≫ Connect Es Version-

Digi ≫ Connect Sp Firmware Version-

Digi ≫ Connect Sp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-836 Use of Password Hash Instead of Password for Authentication

The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04

Third Party Advisory

US Government Resource

https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4299

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4299

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4299

EUVD