CVE-2023-4299
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Digi International | Digi RealPort | 0 <= 4.8.488.0 | affected |
| Digi International | Digi RealPort | 0 <= 1.9-40 | affected |
| Digi International | Digi ConnectPort TS 8/16 | 0 < 2.26.2.4 | affected |
| Digi International | Digi Passport Console Server | all versions | affected |
| Digi International | Digi ConnectPort LTS 8/16/32 | 0 < 1.4.9 | affected |
| Digi International | Digi CM Console Server | all versions | affected |
| Digi International | Digi PortServer TS | all versions | affected |
| Digi International | Digi PortServer TS MEI | all versions | affected |
| Digi International | Digi PortServer TS MEI Hardened | all versions | affected |
| Digi International | Digi PortServer TS M MEI | all versions | affected |
| Digi International | Digi PortServer TS P MEI | all versions | affected |
| Digi International | Digi One IAP Family | all versions | affected |
| Digi International | Digi One IA | all versions | affected |
| Digi International | Digi One SP IA | all versions | affected |
| Digi International | Digi One SP | all versions | affected |
| Digi International | Digi WR31 | all versions | affected |
| Digi International | Digi WR11 XT | all versions | affected |
| Digi International | Digi WR44 R | all versions | affected |
| Digi International | Digi WR21 | all versions | affected |
| Digi International | Digi Connect ES | 0 < 2.26.2.4 | affected |
| Digi International | Digi Connect SP | all versions | affected |
| Digi International | Digi 6350-SR | all versions | unaffected |
| Digi International | Digi ConnectCore 8X products | all versions | unaffected |
Weaknesses
- CWE-836: CWE-836
Workarounds
Dragos recommends restricting access to Digi devices on TCP/771 (default) or TCP/1027 (if encryption is enabled, this is the default port). Only allow the workstations which initiate RealPort connections to communicate to the field equipment on those ports. Note that most of Digi's devices allow you to change the setting for which TCP port the RealPort service runs on, so end users should consult their device configuration and restrict access to the configured port if it is not the default.
If using the system in 'reverse' mode, where the Digi device calls back to the Windows or Linux workstation, then Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may be configured by end users, so consult the workstation and device configurations to ensure coverage.
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04
- https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04
- https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.