Digi RealPort Protocol
Act Now | 9 | ICS-CERT ICSA-23-243-04 | Aug 31, 2023
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
Digi RealPort Protocol vulnerability (CWE-836) affects multiple Digi serial device servers and RealPort client software. Successful exploitation could allow an attacker to access connected equipment controlled through the RealPort interface. The vulnerability has high attack complexity and is not known to be actively exploited.
What this means
What could happen
An attacker could gain unauthorized access to serial devices and equipment connected through Digi RealPort interfaces, potentially allowing them to interact with industrial devices, sensors, or controllers downstream of the compromised serial server.
Who's at risk
Water utilities and municipal electric utilities with Digi RealPort-based serial device access should care about this. This affects: Digi RealPort client software on Windows and Linux workstations used for remote serial terminal access, Digi serial device servers (ConnectPort TS, ConnectPort LTS, Passport Console, CM Console, PortServer TS series, One IAP/IA series), and Digi terminal/cellular routers (WR31, WR11 XT, WR44 R, WR21). Particularly critical for sites using RealPort to access remote site modems, terminal servers, or PLCs.
How it could be exploited
An attacker with network access to the RealPort service (TCP/771 by default, or TCP/1027 if encryption is enabled) could exploit the vulnerability to access the serial device server. Once compromised, the attacker could communicate with connected serial devices (PLCs, terminal servers, modems, or other equipment) that are normally reachable only through the RealPort protocol.
Prerequisites
- Network access to TCP/771 (default RealPort port) or TCP/1027 (encrypted RealPort port)
- High attack complexity, suggesting the attacker needs deep knowledge of the RealPort protocol or of the specific system configuration

- Remotely exploitable
- High attack complexity
- No fix available for most Digi product lines
- Only 1 of 20 affected product variants has a vendor fix
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (21)
4 with fix, 17 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| Digi ConnectPort LTS 8/16/32 | < 1.4.9 | 1.4.9 |
| Digi RealPort for Linux | <= 1.9-40 | No fix (EOL) |
| Digi ConnectPort TS 8/16 | < 2.26.2.4 | 2.26.2.4 |
| Digi CM Console Server | All versions | No fix (EOL) |
| Digi PortServer TS | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to RealPort ports (TCP/771 default, TCP/1027 if encryption enabled) to only known engineering workstations and authorized users
- WORKAROUND: For reverse-mode RealPort connections (where the Digi device initiates the callback), restrict incoming access on the workstation RealPort port to only authorized Digi devices
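An added example, not part of the advisory or of Digi's tooling: a check over exported flow records that flags TCP/771 and TCP/1027 connections the two workarounds above would block. The allowlisted networks, the record format and the sample flows are constructed assumptions, as is treating the workstation's reverse-mode listener as using the same two ports.

```python
import ipaddress

# Ports named in the advisory; add any non-default port found per device.
REALPORT_PORTS = {771, 1027}
# Constructed allowlists (assumptions): replace with the site's inventory.
ENGINEERING_WORKSTATIONS = [ipaddress.ip_network("10.20.0.0/28")]
DIGI_DEVICES = [ipaddress.ip_network("10.30.5.0/24")]

# Constructed flow records in an assumed "proto src dst dst_port" format.
SAMPLE_FLOWS = [
    "tcp 10.20.0.5 10.30.5.11 771",      # workstation -> device: allowed
    "tcp 192.168.77.40 10.30.5.11 771",  # unknown client -> device
    "tcp 10.30.5.12 10.20.0.5 1027",     # reverse-mode callback: allowed
    "tcp 172.16.9.9 10.20.0.5 771",      # unknown source -> workstation
    "tcp 10.20.0.6 10.99.1.1 1027",      # RealPort port on unlisted host
    "tcp 10.20.0.5 10.30.5.11 443",      # not a RealPort port: ignored
    "udp 192.168.77.40 10.30.5.11 771",  # not TCP: ignored
]

def _member(addr, networks):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparseable address is never treated as allowlisted
    return any(ip in net for net in networks)

def audit_flows(lines):
    """Return (src, dst, port, reason) for flows the workarounds would block."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[0].lower() != "tcp" or not parts[3].isdigit():
            continue
        src, dst, port = parts[1], parts[2], int(parts[3])
        if port not in REALPORT_PORTS:
            continue
        if _member(dst, DIGI_DEVICES):  # normal mode: client connects to device
            ok = _member(src, ENGINEERING_WORKSTATIONS)
            reason = "client not on workstation allowlist"
        elif _member(dst, ENGINEERING_WORKSTATIONS):  # reverse mode: device calls back
            ok = _member(src, DIGI_DEVICES)
            reason = "reverse-mode source is not an authorized Digi device"
        else:
            ok, reason = False, "RealPort port on host missing from inventory"
        if not ok:
            findings.append((src, dst, port, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

The third finding type (a RealPort port answering on a host in neither list) supports the hardening step of documenting which port each Digi device actually uses.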
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Apply firmware/software patch: RealPort for Windows version 4.10.490 or later
- HOTFIX: Apply firmware patch: Digi ConnectPort TS 8/16 firmware version 2.26.2.4 or later
- HOTFIX: Apply software patch: Digi ConnectPort LTS 8/16/32 version 1.4.9 or later
- HOTFIX: Apply firmware patch: Digi Connect ES firmware version 2.26.2.4 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Digi RealPort for Linux: <= 1.9-40, Digi CM Console Server: *, Digi PortServer TS: *, Digi One IAP Family: *, Digi One IA: *, Digi One SP IA: *, Digi One SP: *, Digi WR31: *, Digi WR11 XT: *, Digi WR44 R: *, Digi WR21: *, Digi Connect SP: *, Digi Passport Console Server: *, Digi PortServer TS MEI: *, Digi PortServer TS MEI Hardened: *, Digi PortServer TS M MEI: *, Digi PortServer TS P MEI: *. Apply the following compensating controls:
- HARDENING: Verify and document which TCP port the RealPort service is configured to use on each Digi device, as this may differ from defaults
- HARDENING: Segment Digi serial device servers on a restricted network with access limited to necessary workstations and operators
CVEs (1)