CVE-2024-50628 is a vulnerability discovered in the web services component of Digi ConnectPort LTS devices before version 1.4.12. The issue allows an attacker on the same local area network (LAN) to perform unauthorized manipulation of device resources due to insufficient authorization controls, classified under CWE-862 (Improper Authorization). This unauthorized access can be leveraged to escalate attacks, potentially leading to remote code execution when combined with other vulnerabilities or attack vectors. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high severity, with an attack vector limited to adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is high, as attackers can manipulate device resources and potentially execute arbitrary code remotely. Digi ConnectPort LTS devices are widely used in industrial control systems, embedded applications, and IoT environments, making this vulnerability particularly concerning for critical infrastructure and industrial sectors. No public exploits are currently known, but the risk remains significant due to the potential for remote code execution and the critical nature of affected devices. The vulnerability was reserved on 2024-10-28 and published on 2024-12-09, with no patch links currently available, indicating that vendors or users should monitor for updates and advisories closely.

The vulnerability allows attackers on the local network to bypass authorization controls and manipulate device resources, which can compromise the confidentiality, integrity, and availability of Digi ConnectPort LTS devices. This can lead to unauthorized access to sensitive data, disruption of device functionality, and potentially remote code execution if combined with other vulnerabilities. Given the typical deployment of these devices in industrial and embedded environments, exploitation could disrupt critical infrastructure operations, cause safety hazards, or lead to significant operational downtime. The high CVSS score reflects the severity and ease of exploitation without requiring authentication or user interaction. Organizations relying on these devices face risks of targeted attacks by insiders or lateral movement by attackers who have breached the local network. The absence of known exploits in the wild provides a window for proactive mitigation, but the threat remains substantial due to the critical nature of the affected systems.

1. Immediately implement network segmentation and access controls to restrict local network access to Digi ConnectPort LTS devices, limiting exposure to trusted administrators only. 2. Monitor network traffic for unusual activity targeting these devices, focusing on unauthorized resource manipulation attempts. 3. Apply vendor patches or firmware updates as soon as they become available; if no patch is currently released, maintain close contact with Digi support for updates. 4. Employ strong network authentication and encryption mechanisms where possible to reduce the risk of unauthorized local access. 5. Conduct regular security audits and vulnerability assessments on industrial control systems and embedded devices to identify and remediate similar authorization weaknesses. 6. Consider deploying intrusion detection/prevention systems (IDS/IPS) tailored for industrial protocols to detect exploitation attempts. 7. Educate network administrators and security teams about the risks of local network threats and the importance of strict access controls in operational technology environments.