CVE-2022-2634
CRITICALDigi ConnectPort X2d <2020-01-01 - Unauthenticated RCE via File Upload
Title source: llmDescription
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01
Scores
CVSS v3
10.0
EPSS
0.0082
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-250
Status
published
Products (1)
digi/connectport_x2d_firmware
< 2020-01-01
Published
Aug 10, 2022
Tracked Since
Feb 18, 2026