An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
16 Aug 2022, 11:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:digi:connectport_x2d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:digi:connectport_x2d:-:*:*:*:*:*:*:* |
|
First Time |
Digi connectport X2d
Digi Digi connectport X2d Firmware |
|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
10 Aug 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-10 20:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2634
Mitre link : CVE-2022-2634
CVE.ORG link : CVE-2022-2634
JSON object : View
Products Affected
digi
- connectport_x2d_firmware
- connectport_x2d
CWE
CWE-250
Execution with Unnecessary Privileges