Digi Serial Converters and Utility Software
Restrict access to ports TCP/80, TCP/771, TCP/23, TCP/513, TCP/514, and UDP/2362. Ensure that only legitimate engineering workstations can reach the Digi One SP web application and telnet ports, and that only legitimate HMI/OPC/other data collectors can reach the serial passthrough port.
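An added example (not from Dragos or Digi) that checks network flow records against the access policy described above. The addresses, the flow-record format, and the assignment of TCP/771 to serial passthrough (with the remaining ports treated as engineering ports) are assumptions of this example.

```python
import ipaddress

# Ports named in the advisory. The role split is an assumption of this example:
# the advisory names web and telnet as engineering ports but does not say which
# port carries serial passthrough; TCP/771 is assumed here.
ENGINEERING_PORTS = {("tcp", 80), ("tcp", 23), ("tcp", 513), ("tcp", 514), ("udp", 2362)}
PASSTHROUGH_PORTS = {("tcp", 771)}

# Constructed addresses (RFC 5737 documentation ranges), not from the advisory.
DIGI_DEVICES = {ipaddress.ip_address("192.0.2.50")}
ENGINEERING_HOSTS = [ipaddress.ip_network("192.0.2.10/32")]
COLLECTOR_HOSTS = [ipaddress.ip_network("192.0.2.20/32"), ipaddress.ip_network("192.0.2.21/32")]


def allowed_sources(proto, port):
    """Return the allowlist for a restricted port, or None if the port is not restricted."""
    key = (proto.lower(), port)
    if key in ENGINEERING_PORTS:
        return ENGINEERING_HOSTS
    if key in PASSTHROUGH_PORTS:
        return COLLECTOR_HOSTS
    return None


def find_violations(flows):
    """Return flows to a Digi device on a restricted port from a non-allowlisted source."""
    violations = []
    for line in flows:
        src, dst, proto, port = line.split()
        if ipaddress.ip_address(dst) not in DIGI_DEVICES:
            continue  # traffic to other hosts is out of scope for this policy
        allow = allowed_sources(proto, int(port))
        if allow is None:
            continue  # port is not one the advisory asks to restrict
        if not any(ipaddress.ip_address(src) in net for net in allow):
            violations.append((src, proto.lower(), int(port)))
    return violations


# Constructed flow records: "src dst proto dst_port"
SAMPLE_FLOWS = [
    "192.0.2.10 192.0.2.50 tcp 80",      # engineering workstation -> web UI: allowed
    "192.0.2.20 192.0.2.50 tcp 771",     # collector -> passthrough: allowed
    "192.0.2.20 192.0.2.50 tcp 23",      # collector -> telnet: outside its role
    "198.51.100.7 192.0.2.50 udp 2362",  # unknown host -> restricted UDP port
    "198.51.100.7 192.0.2.99 tcp 80",    # destination is not a Digi device: ignored
]

if __name__ == "__main__":
    for violation in find_violations(SAMPLE_FLOWS):
        print("policy violation:", violation)
```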
The Dragos Platform has deployed detection signatures to identify exploitation attempts against this device and software.
Affected product:
Digi One SP devices with firmware version 82000774_Y 08/26/2019 and prior; Digi Device Discover version 1.6.19.0 and prior
Limited Threat
CVE ID
CVE-2020-24357
CVE-2020-24358
CVE-2020-24694
CVE-2020-24695
ID
CVE-2020-24357
Source
Dragos
Skill Level
N/A
CVSSV3 BASE / TEMPORAL SCORE
N/A
CVSSV3 vector
N/A
Affecting
Vulnerability Type
Cross-site Scripting
Device Crashes
Undesired Modification of Device Settings
Malicious Insertion
Memory Corruption
Device Crashes
Undesired Modification of Device Settings
Malicious Insertion
Disclosure Timeline
08/31/2020 - Dragos discloses issue