CVE-2022-2634

Summary

An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.

Affected Software

VendorProductVersion RangeStatus
DigiConnectPort X2DAll manufactured prior to 01/2020affected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

Workarounds

Digi International indicated this vulnerability does not exist in ConnectPort gateways manufactured after January 2020. It is recommended to contact Digi International support for assistance with impacted devices manufactured prior to January 2020.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References