ICSA-26-188-07
Vulnerability from csaf_cisa - Published: 2026-07-07 06:00 - Updated: 2026-07-07 06:00Summary
Digi International PortServer TS, Digi One SP IA
Notes
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Summary: Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.
Critical infrastructure sectors: Critical Manufacturing, Communications, Information Technology, Transportation Systems
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
5.9 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Digi International PortServer TS: <Firmware_2025
Digi International / PortServer TS
|
<Firmware_2025 |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Digi International Digi One SP: <Firmware_2025
Digi International / Digi One SP
|
<Firmware_2025 |
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Digi International Digi One SP IA: <Firmware_2025
Digi International / Digi One SP IA
|
<Firmware_2025 |
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Digi International Digi One IA: <Firmware_2025
Digi International / Digi One IA
|
<Firmware_2025 |
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Digi International PortServer TS: <Firmware_2025
Digi International / PortServer TS
|
<Firmware_2025 |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Digi International Digi One SP: <Firmware_2025
Digi International / Digi One SP
|
<Firmware_2025 |
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Digi International Digi One SP IA: <Firmware_2025
Digi International / Digi One SP IA
|
<Firmware_2025 |
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Digi International Digi One IA: <Firmware_2025
Digi International / Digi One IA
|
<Firmware_2025 |
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
References
19 references
Acknowledgments
nviCloud
{
"document": {
"acknowledgments": [
{
"organization": "nviCloud",
"summary": "reported these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.",
"title": "Advisory Summary"
},
{
"category": "other",
"text": "Critical Manufacturing, Communications, Information Technology, Transportation Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-26-188-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-188-07.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-26-188-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Digi International PortServer TS, Digi One SP IA",
"tracking": {
"current_release_date": "2026-07-07T06:00:00.000000Z",
"generator": {
"date": "2026-07-06T19:37:01.992234Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-26-188-07",
"initial_release_date": "2026-07-07T06:00:00.000000Z",
"revision_history": [
{
"date": "2026-07-07T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cFirmware_2025",
"product": {
"name": "Digi International PortServer TS: \u003cFirmware_2025",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "PortServer TS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cFirmware_2025",
"product": {
"name": "Digi International Digi One SP: \u003cFirmware_2025",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Digi One SP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cFirmware_2025",
"product": {
"name": "Digi International Digi One SP IA: \u003cFirmware_2025",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Digi One SP IA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cFirmware_2025",
"product": {
"name": "Digi International Digi One IA: \u003cFirmware_2025",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Digi One IA"
}
],
"category": "vendor",
"name": "Digi International"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12352",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:N/2026-07-06T06:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12352"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "For Digi PortServer TS: Enable HTTPS on the web server.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Alternatively, disable the web server when it is not actively being used for configuration.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The following deployment practices are the recommended means of reducing exposure: Deploy the device on a trusted network segment, not exposed to untrusted or public networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Place the device behind a firewall or VPN and restrict access to the web management interface to trusted administrative hosts only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Safeguard administrator credentials, since exploitation requires authenticated administrator access to write the affected fields.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For assistance users should contact Digi International\u0027s support team https://www.digi.com/support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.digi.com/support"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2026-12948",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:N/2026-07-06T06:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12948"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "For Digi PortServer TS: Enable HTTPS on the web server.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Alternatively, disable the web server when it is not actively being used for configuration.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Digi International recommends users perform the following actions regarding XSS: Digi International will not provide a firmware fix for products affected by CVE-2026-12948, which are approaching end-of-life. Digi International recommends users upgrade to the Digi Connect EZ or Digi Connect EZ TS as a long-term solution.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The following deployment practices are the recommended means of reducing exposure: Deploy the device on a trusted network segment, not exposed to untrusted or public networks.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Place the device behind a firewall or VPN and restrict access to the web management interface to trusted administrative hosts only.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Safeguard administrator credentials, since exploitation requires authenticated administrator access to write the affected fields.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For assistance users should contact Digi International\u0027s support team https://www.digi.com/support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.digi.com/support"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…