CVE-2020-6973 in ConnectPort LTS 32 MEI
Summary
by MITRE
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/10/2025
The vulnerability identified as CVE-2020-6973 affects Digi International ConnectPort LTS 32 MEI devices running firmware version 1.4.3 and BIOS version 1.2. This industrial networking equipment represents a critical component in remote monitoring and management systems, particularly in environments requiring secure connectivity for critical infrastructure operations. The device serves as a gateway for industrial IoT deployments, making it a potential target for adversaries seeking to disrupt operations or gain unauthorized access to industrial control systems. The presence of multiple cross-site scripting vulnerabilities within this device's interface exposes it to sophisticated attack vectors that could compromise operational continuity and system integrity.
The technical flaw manifests through cross-site scripting vulnerabilities that reside within the device's web-based management interface. These vulnerabilities allow attackers to inject malicious scripts that execute within the context of authenticated sessions, potentially enabling unauthorized actions including but not limited to session hijacking, data manipulation, and privilege escalation. The nature of these XSS flaws suggests insufficient input validation and output encoding mechanisms within the device's user interface components, particularly in parameters handling user-supplied data. The vulnerability enables attackers to craft malicious payloads that can be executed when legitimate users navigate to affected pages or interact with compromised interface elements.
The operational impact of this vulnerability extends beyond simple denial-of-service conditions to encompass broader security implications for industrial environments. Attackers exploiting these vulnerabilities could potentially disrupt critical operations by causing the device to become unresponsive or by manipulating its configuration settings. The device's role in remote monitoring and management means that successful exploitation could lead to complete loss of visibility into connected industrial systems, creating significant operational risks for organizations relying on these platforms for critical infrastructure monitoring. The vulnerability's potential for causing denial-of-service conditions directly impacts the availability of the industrial network connectivity, which could result in cascading failures across dependent systems.
Mitigation strategies for this vulnerability should encompass multiple layers of security controls to address both immediate exposure and long-term resilience. Organizations should implement network segmentation to isolate affected devices from critical infrastructure components, while also applying firmware updates from Digi International to address the identified XSS vulnerabilities. The implementation of web application firewalls and input validation mechanisms can provide additional protection against exploitation attempts. Security monitoring should be enhanced to detect anomalous behavior patterns that might indicate exploitation attempts, while access controls should be strengthened to limit the scope of potential impact from successful attacks. This vulnerability aligns with CWE-79 Cross-site Scripting and follows ATT&CK tactics including T1059 Command and Scripting Interpreter and T1499 Endpoint Denial of Service, highlighting the need for comprehensive defensive measures across both network and application security domains.