ICSA-26-188-07

Vulnerability from csaf_cisa - Published: 2026-07-07 06:00 - Updated: 2026-07-07 06:00
Summary
Digi International PortServer TS, Digi One SP IA
Notes
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Advisory Summary: Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.
Critical infrastructure sectors: Critical Manufacturing, Communications, Information Technology, Transportation Systems
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
CWE-863 - Incorrect Authorization
Affected products
Product Identifier Version Remediation
Digi International PortServer TS: <Firmware_2025
Digi International / PortServer TS
<Firmware_2025
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation fix
Digi International Digi One SP: <Firmware_2025
Digi International / Digi One SP
<Firmware_2025
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation fix
Digi International Digi One SP IA: <Firmware_2025
Digi International / Digi One SP IA
<Firmware_2025
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation fix
Digi International Digi One IA: <Firmware_2025
Digi International / Digi One IA
<Firmware_2025
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation fix
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Product Identifier Version Remediation
Digi International PortServer TS: <Firmware_2025
Digi International / PortServer TS
<Firmware_2025
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation fix
Digi International Digi One SP: <Firmware_2025
Digi International / Digi One SP
<Firmware_2025
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation fix
Digi International Digi One SP IA: <Firmware_2025
Digi International / Digi One SP IA
<Firmware_2025
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation fix
Digi International Digi One IA: <Firmware_2025
Digi International / Digi One IA
<Firmware_2025
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation fix
Acknowledgments
nviCloud

{
  "document": {
    "acknowledgments": [
      {
        "organization": "nviCloud",
        "summary": "reported these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.",
        "title": "Advisory Summary"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Communications, Information Technology, Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-26-188-07 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-188-07.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-26-188-07 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-07"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
      }
    ],
    "title": "Digi International PortServer TS, Digi One SP IA",
    "tracking": {
      "current_release_date": "2026-07-07T06:00:00.000000Z",
      "generator": {
        "date": "2026-07-06T19:37:01.992234Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-26-188-07",
      "initial_release_date": "2026-07-07T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2026-07-07T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cFirmware_2025",
                "product": {
                  "name": "Digi International PortServer TS: \u003cFirmware_2025",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "PortServer TS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cFirmware_2025",
                "product": {
                  "name": "Digi International Digi One SP: \u003cFirmware_2025",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Digi One SP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cFirmware_2025",
                "product": {
                  "name": "Digi International Digi One SP IA: \u003cFirmware_2025",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Digi One SP IA"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cFirmware_2025",
                "product": {
                  "name": "Digi International Digi One IA: \u003cFirmware_2025",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Digi One IA"
          }
        ],
        "category": "vendor",
        "name": "Digi International"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-12352",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.",
          "title": "Vulnerability Summary"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:N/A:N/2026-07-06T06:00:00.000000Z",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/863.html"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12352"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For Digi PortServer TS: Enable HTTPS on the web server.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Alternatively, disable the web server when it is not actively being used for configuration.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following deployment practices are the recommended means of reducing exposure: Deploy the device on a trusted network segment, not exposed to untrusted or public networks.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the device behind a firewall or VPN and restrict access to the web management interface to trusted administrative hosts only.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Safeguard administrator credentials, since exploitation requires authenticated administrator access to write the affected fields.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "For assistance users should contact Digi International\u0027s support team https://www.digi.com/support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.digi.com/support"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2026-12948",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages.",
          "title": "Vulnerability Summary"
        },
        {
          "category": "details",
          "text": "SSVCv2/E:N/A:N/2026-07-06T06:00:00.000000Z",
          "title": "SSVC"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/79.html"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-12948"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For Digi PortServer TS: Enable HTTPS on the web server.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Alternatively, disable the web server when it is not actively being used for configuration.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Digi International recommends users perform the following actions regarding XSS: Digi International will not provide a firmware fix for products affected by CVE-2026-12948, which are approaching end-of-life. Digi International recommends users upgrade to the Digi Connect EZ or Digi Connect EZ TS as a long-term solution.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following deployment practices are the recommended means of reducing exposure: Deploy the device on a trusted network segment, not exposed to untrusted or public networks.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Place the device behind a firewall or VPN and restrict access to the web management interface to trusted administrative hosts only.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Safeguard administrator credentials, since exploitation requires authenticated administrator access to write the affected fields.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "For assistance users should contact Digi International\u0027s support team https://www.digi.com/support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.digi.com/support"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…