Security Advisory

Digi Serial Converters and Utility Software

Restrict access to ports TCP/80, TCP/771, TCP/23, TCP/513, TCP/514, and UDP/2362. Ensure that only legitimate engineering workstations have access to the Digi One SP web application and telnet ports, and that only legitimate HMI/OPC/other data collection systems can access the serial passthrough port.
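One way to check that this restriction holds is to audit flow records for traffic to the listed ports from hosts outside the permitted roles. The sketch below is an added example, not Dragos or Digi code. It assumes a CSV flow export with `src,dst,proto,dport` columns, constructed addresses from documentation ranges, TCP/771 as the serial passthrough port, and no permitted source for the remaining listed ports.

```python
import csv
import ipaddress

# Ports listed in the advisory's mitigation.
ADVISORY_PORTS = {("tcp", 80), ("tcp", 771), ("tcp", 23),
                  ("tcp", 513), ("tcp", 514), ("udp", 2362)}
# Assumed site policy; all addresses are constructed placeholders.
DIGI_DEVICES = {ipaddress.ip_address("192.0.2.50")}
ENG = [ipaddress.ip_network("192.0.2.16/30")]   # engineering workstations
HMI = [ipaddress.ip_network("192.0.2.32/29")]   # HMI/OPC/data collection hosts
POLICY = {
    ("tcp", 80): ENG,    # web application
    ("tcp", 23): ENG,    # telnet
    ("tcp", 771): HMI,   # assumed serial passthrough port
}  # remaining advisory ports: no allowed source (assumption)

# Constructed sample flow records (not captured traffic).
SAMPLE_FLOWS = """\
src,dst,proto,dport
192.0.2.17,192.0.2.50,tcp,80
192.0.2.33,192.0.2.50,tcp,771
192.0.2.33,192.0.2.50,tcp,23
198.51.100.9,192.0.2.50,tcp,80
192.0.2.17,192.0.2.50,udp,2362
192.0.2.17,192.0.2.50,tcp,443
198.51.100.9,192.0.2.99,tcp,23
"""

def audit_flows(text):
    """Return (src, dst, port) for flows to a Digi device that the policy does not allow."""
    violations = []
    for row in csv.DictReader(text.splitlines()):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            key = (row["proto"].lower(), int(row["dport"]))
        except (ValueError, TypeError, AttributeError):
            # Surface unparseable records instead of skipping them silently.
            violations.append((row.get("src"), row.get("dst"), "malformed"))
            continue
        if dst not in DIGI_DEVICES or key not in ADVISORY_PORTS:
            continue  # out of scope for this advisory
        if not any(src in net for net in POLICY.get(key, [])):
            violations.append((str(src), str(dst), f"{key[0]}/{key[1]}"))
    return violations

if __name__ == "__main__":
    for violation in audit_flows(SAMPLE_FLOWS):
        print("VIOLATION", violation)
```

A data collection host reaching telnet is reported even though it is allowed on the passthrough port, which is the role separation the mitigation asks for.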


The Dragos Platform has deployed detection signatures to identify exploitation attempts against this device and software.

Risk Information

Affected Product

Digi One SP devices with firmware version 82000774_Y 08/26/2019 and prior; Digi Device Discover version 1.6.19.0 and prior

Limited Threat

CVE ID

CVE-2020-24357

CVE-2020-24358

CVE-2020-24694

CVE-2020-24695

ID

CVE-2020-24357

Source

Dragos

Skill Level

N/A

CVSSV3 BASE / TEMPORAL SCORE

N/A

CVSSV3 vector

N/A

Affecting

  • Digi One SP devices with firmware version 82000774_Y 08/26/2019 and prior; Digi Device Discover version 1.6.19.0 and prior

Vulnerability Type

Cross-site Scripting

Device Crashes

Undesired Modification of Device Settings

Malicious Insertion

Memory Corruption

Device Crashes

Undesired Modification of Device Settings

Malicious Insertion

Disclosure Timeline

08/31/2020 - Dragos discloses issue