Security Advisory

Digi Serial Converters and Utility Software

Risk Information

Limited Threat

CVE ID

CVE-2020-24357

CVE-2020-24358

CVE-2020-24694

CVE-2020-24695

Vunerability Type

Cross-site Scripting

Denial of Service

Undesired Modification of Device Settings

Malicious Insertion

CVSS3 Score

8.8

8.6

8.8

6.8

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Digi One SP devices: firmware v82000774_Y 08/26/2019 and prior

Digi Device Discover: v1.6.19.0. and prior

Digi has not released update to address these issues.

08/31/2020