ICSA-26-188-07
·
Published 2026-07-07
·
View on CISA ICS-CERT ↗
Digi International PortServer TS, Digi One SP IA
CVSS 5.9
MEDIUM
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.
CVEs (2)
Remediations
- Digi International recommends users upgrade to Digi Connect EZ or Digi Connect EZ TS as a long term solution. If users are not able to upgrade at this time, the following actions should be taken:
- For Digi PortServer TS: Enable HTTPS on the web server.
- Alternatively, disable the web server when it is not actively being used for configuration.
- Compensating control: If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.
- For Digi One SP / Digi One SP IA / Digi One IA: Disable the web server. If you cannot apply the HTTPS configuration, restrict access via firewall or VPN.
- The following deployment practices are the recommended means of reducing exposure: Deploy the device on a trusted network segment, not exposed to untrusted or public networks.
- Place the device behind a firewall or VPN and restrict access to the web management interface to trusted administrative hosts only.
- Safeguard administrator credentials, since exploitation requires authenticated administrator access to write the affected fields.
- For assistance users should contact Digi International's support team https://www.digi.com/support.
- Digi International recommends users perform the following actions regarding XSS: Digi International will not provide a firmware fix for products affected by CVE-2026-12948, which are approaching end-of-life. Digi International recommends users upgrade to the Digi Connect EZ or Digi Connect EZ TS as a long-term solution.
Affected Vendors
Digi International
Affected Products (4)
Digi International
·
PortServer TS
<Firmware_2025
Digi International
·
Digi One SP
<Firmware_2025
Digi International
·
Digi One SP IA
<Firmware_2025
Digi International
·
Digi One IA
<Firmware_2025
Affected Sectors
Critical Manufacturing, Communications, Information Technology, Transportation Systems
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more