CVE-2023-4299 - OpenCVE

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Digi	Connect Es Firmware One Ia Firmware Connectport Lts 8\/16\/32 Firmware Wr44 R Firmware Passport Firmware Realport Wr44 R Portserver Ts Mei Hardened Firmware Portserver Ts P Mei Firmware Portserver Ts Mei Hardened One Sp Ia Firmware Cm Connectport Ts 8\/16 Firmware One Sp Cm Firmware Wr21 Connect Es One Ia Connectport Ts 8\/16 Passport Portserver Ts Connect Sp Firmware Transport Wr11 Xt Portserver Ts M Mei One Iap Firmware Portserver Ts Mei Firmware Portserver Ts Firmware One Sp Firmware Wr31 Wr21 Firmware Transport Wr11 Xt Firmware Portserver Ts P Mei One Sp Ia Connect Sp Connectport Lts 8\/16\/32 Portserver Ts Mei Wr31 Firmware One Iap Portserver Ts M Mei Firmware

Configuration 1 [-]

OR	cpe:2.3:a:digi:realport::::::linux::*
	cpe:2.3:a:digi:realport::::::windows::*

Configuration 2 [-]

AND

cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04	Third Party Advisory US Government Resource
https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf	Vendor Advisory