CVE-2023-4299

Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication

Description

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Remediation

Solution:

  • Digi International recommends users acquire and install the patches it has made available for the following products:
    * RealPort software for Windows: Fixed in 4.10.490
    * Digi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4
    * Digi ConnectPort LTS 8/16/32: Fixed in version 1.4.9
    * Digi Connect ES: Fixed in firmware version 2.26.2.4

    For more information, see the customer notification document published by Digi International: https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf

Workaround:

  • Dragos recommends restricting access to Digi devices on TCP/771 (the default port) or TCP/1027 (the default port when encryption is enabled). Only allow the workstations which initiate RealPort connections to communicate with the field equipment on those ports. Note that most Digi devices allow the TCP port on which the RealPort service runs to be changed, so end users should consult their device configuration and restrict access to the configured port if it is not the default.

  • If using the system in 'reverse' mode, where the Digi device calls back to the Windows or Linux workstation, Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may also be configured by end users, so consult both the workstation and device configurations to ensure coverage.
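The following nftables policy is an added illustration of the workaround above; it is not part of the Dragos or Digi advisory. It assumes a Linux firewall or gateway that forwards traffic to the Digi devices (forward chain) and that the same host, or a Linux workstation, runs the RealPort service in 'reverse' mode (input chain). The IP addresses are constructed placeholders; the ports are the advisory's defaults and must be changed if the RealPort service has been moved to another port.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the Digi/Dragos advisory): restrict the RealPort
# ports TCP/771 (unencrypted) and TCP/1027 (encrypted) to known peers.
# All addresses below are constructed placeholders.

table inet realport_guard {
    # Workstations allowed to initiate RealPort sessions to field equipment.
    set realport_workstations {
        type ipv4_addr
        elements = { 10.10.20.11, 10.10.20.12 }   # constructed
    }

    # Digi devices allowed to call back in 'reverse' mode.
    set digi_devices {
        type ipv4_addr
        flags interval
        elements = { 10.10.30.0/24 }   # constructed
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Forward path: only allowlisted workstations may open new sessions
        # to the RealPort ports; every other attempt is logged and dropped.
        tcp dport { 771, 1027 } ip saddr @realport_workstations ct state new accept
        tcp dport { 771, 1027 } ct state new log prefix "realport-denied: " drop
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # Reverse mode: this host runs the RealPort service, so only known
        # Digi devices may initiate connections to it.
        tcp dport { 771, 1027 } ip saddr @digi_devices ct state new accept
        tcp dport { 771, 1027 } ct state new log prefix "realport-reverse-denied: " drop
    }
}
```

The chains keep a default policy of accept so that only the RealPort ports are constrained; on a host that already has a default-deny ruleset, merge the two sets and the four rules into the existing chains instead. The log prefixes give the SOC a single string to alert on for any unexpected peer attempting to reach the RealPort service. Load with `nft -f` and confirm the result with `nft list ruleset`.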

Category

CVSS 3.1 score: 9.0 (Severity: Critical)
EPSS: 0.02%
Vendor Advisory: digi.com
Affected: Digi International Digi RealPort
Affected: Digi International Digi ConnectPort TS 8/16
Affected: Digi International Digi Passport Console Server
Affected: Digi International Digi ConnectPort LTS 8/16/32
Affected: Digi International Digi CM Console Server
Affected: Digi International Digi PortServer TS
Affected: Digi International Digi PortServer TS MEI
Affected: Digi International Digi PortServer TS MEI Hardened
Affected: Digi International Digi PortServer TS M MEI
Affected: Digi International Digi PortServer TS P MEI
Affected: Digi International Digi One IAP Family
Affected: Digi International Digi One IA
Affected: Digi International Digi One SP IA
Affected: Digi International Digi One SP
Affected: Digi International Digi WR31
Affected: Digi International Digi WR11 XT
Affected: Digi International Digi WR44 R
Affected: Digi International Digi WR21
Affected: Digi International Digi Connect ES
Affected: Digi International Digi Connect SP
Affected: Digi International Digi 6350-SR
Affected: Digi International Digi ConnectCore 8X products
Frequently Asked Questions

What is the severity of CVE-2023-4299?
CVE-2023-4299 has been scored as a critical severity vulnerability.
How to fix CVE-2023-4299?
To fix CVE-2023-4299, Digi International recommends users acquire and install the patches it has made available for the following products: RealPort software for Windows (fixed in 4.10.490); Digi ConnectPort TS 8/16 (fixed in firmware version 2.26.2.4); Digi ConnectPort LTS 8/16/32 (fixed in version 1.4.9); Digi Connect ES (fixed in firmware version 2.26.2.4). For more information, see the customer notification document published by Digi International: https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf
Is CVE-2023-4299 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-4299 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-4299?
CVE-2023-4299 affects Digi International Digi RealPort, Digi ConnectPort TS 8/16, Digi Passport Console Server, Digi ConnectPort LTS 8/16/32, Digi CM Console Server, Digi PortServer TS, Digi PortServer TS MEI, Digi PortServer TS MEI Hardened, Digi PortServer TS M MEI, Digi PortServer TS P MEI, Digi One IAP Family, Digi One IA, Digi One SP IA, Digi One SP, Digi WR31, Digi WR11 XT, Digi WR44 R, Digi WR21, Digi Connect ES, Digi Connect SP, Digi 6350-SR, and Digi ConnectCore 8X products.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.