CVE-2024-50627 is a privilege escalation vulnerability identified in Digi ConnectPort LTS devices before version 1.4.12. The vulnerability is rooted in the device's file upload functionality, which improperly validates permissions, allowing an attacker on the local area network (LAN) with certain access rights to upload and execute arbitrary malicious files. This flaw enables the attacker to escalate privileges beyond their intended scope, potentially gaining unauthorized control over the device and its underlying system. The vulnerability is classified under CWE-552, indicating exposure of sensitive information to an unauthorized actor. The CVSS 3.1 base score of 8.8 reflects a high severity, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability all rated high (C:H/I:H/A:H). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. Digi ConnectPort LTS devices are commonly used in industrial and enterprise environments for secure device connectivity, making this vulnerability particularly concerning for operational technology (OT) and critical infrastructure sectors. No public exploits have been reported yet, but the vulnerability's characteristics make it a prime candidate for exploitation once weaponized. The lack of authentication requirement and absence of user interaction further increase the risk of exploitation by insiders or compromised LAN actors.

The exploitation of CVE-2024-50627 can have severe consequences for organizations worldwide. Attackers can gain unauthorized system access, potentially leading to full compromise of the affected Digi ConnectPort LTS device. This can result in unauthorized disclosure of sensitive information, manipulation or destruction of data, and disruption of device availability. Given that these devices often serve as gateways or connectivity points in industrial control systems and enterprise networks, a successful attack could facilitate lateral movement into critical infrastructure or enterprise environments. This could lead to operational downtime, safety hazards, financial losses, and damage to organizational reputation. The vulnerability's presence in devices deployed globally means that any organization using vulnerable versions is at risk, especially those in sectors such as manufacturing, energy, utilities, and transportation where Digi ConnectPort devices are prevalent.

To mitigate the risk posed by CVE-2024-50627, organizations should immediately upgrade Digi ConnectPort LTS devices to version 1.4.12 or later, where the vulnerability is addressed. In the absence of an available patch, organizations should restrict LAN access to these devices strictly to trusted and authenticated users, employing network segmentation and access control lists (ACLs) to limit exposure. Monitoring network traffic for unusual file upload activity and implementing intrusion detection systems (IDS) can help detect exploitation attempts. Additionally, disabling or tightly controlling the file upload feature where possible reduces the attack surface. Regularly auditing device configurations and permissions to ensure least privilege principles are enforced will further reduce risk. Organizations should also maintain an incident response plan tailored to OT and IoT device compromises to respond swiftly if exploitation is suspected.