Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.
The following versions of Digi International PortServer TS, Digi One SP IA are affected:
PortServer TS
Digi One SP
Digi One SP IA
Digi One IA
Vendor
Equipment
Digi International
Digi International PortServer TS, Digi One SP IA
Incorrect Authorization, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Critical Infrastructure Sectors: Critical Manufacturing, Communications, Information Technology, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: United States
The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.