CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
Configurations

Configuration 1

OR
cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*

Configuration 2

AND
cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*

History

06 Sep 2023, 20:13

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 8.1

Type: CPE
Values Added:
cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*
cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*
cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*

Type: First Time
Values Added:
Digi transport Wr11 Xt Firmware
Digi cm
Digi wr31 Firmware
Digi one Iap Firmware
Digi connectport Lts 8\/16\/32
Digi portserver Ts Mei Hardened Firmware
Digi portserver Ts M Mei
Digi wr31
Digi one Sp Ia
Digi portserver Ts M Mei Firmware
Digi one Sp Firmware
Digi portserver Ts P Mei
Digi portserver Ts P Mei Firmware
Digi one Sp
Digi portserver Ts
Digi wr21 Firmware
Digi connect Sp Firmware
Digi portserver Ts Mei Hardened
Digi wr44 R
Digi one Sp Ia Firmware
Digi one Iap
Digi connectport Ts 8\/16 Firmware
Digi passport Firmware
Digi cm Firmware
Digi connectport Lts 8\/16\/32 Firmware
Digi connectport Ts 8\/16
Digi one Ia
Digi portserver Ts Mei Firmware
Digi
Digi connect Es
Digi transport Wr11 Xt
Digi connect Es Firmware
Digi portserver Ts Mei
Digi passport
Digi realport
Digi one Ia Firmware
Digi portserver Ts Firmware
Digi wr21
Digi wr44 R Firmware
Digi connect Sp

Type: References
Values Removed: (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf
Values Added: (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf - Vendor Advisory

Type: References
Values Removed: (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04
Values Added: (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 - Third Party Advisory, US Government Resource

31 Aug 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-31 21:15

Updated : 2023-12-10 15:14


NVD link : CVE-2023-4299

Mitre link : CVE-2023-4299

CVE.ORG link : CVE-2023-4299



Products Affected

digi

  • connect_es
  • passport
  • wr44_r
  • portserver_ts_mei_hardened
  • connectport_ts_8\/16
  • portserver_ts_p_mei_firmware
  • one_sp_ia
  • cm
  • portserver_ts_m_mei_firmware
  • realport
  • portserver_ts_mei_firmware
  • one_iap
  • one_sp_firmware
  • connect_sp_firmware
  • portserver_ts_p_mei
  • portserver_ts_firmware
  • portserver_ts_m_mei
  • connectport_ts_8\/16_firmware
  • portserver_ts_mei_hardened_firmware
  • one_ia
  • portserver_ts_mei
  • wr31
  • one_sp_ia_firmware
  • cm_firmware
  • connect_sp
  • one_iap_firmware
  • transport_wr11_xt
  • connect_es_firmware
  • wr44_r_firmware
  • portserver_ts
  • one_ia_firmware
  • one_sp
  • passport_firmware
  • wr21
  • transport_wr11_xt_firmware
  • connectport_lts_8\/16\/32
  • connectport_lts_8\/16\/32_firmware
  • wr21_firmware
  • wr31_firmware
CWE
CWE-836

Use of Password Hash Instead of Password for Authentication