CISA

Digi International PortServer TS, Digi One SP IA

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.

The following versions of Digi International PortServer TS, Digi One SP IA are affected:

PortServer TS

Digi One SP

Digi One SP IA

Digi One IA

Vendor

Equipment

Digi International

Digi International PortServer TS, Digi One SP IA

Incorrect Authorization, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Critical Infrastructure Sectors: Critical Manufacturing, Communications, Information Technology, Transportation Systems

Countries/Areas Deployed: Worldwide

Company Headquarters Location: United States

The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.

Digi International PortSe...