ConnectPort X2 - RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Overview
Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.

Affected Products
ConnectPort X2

ConnectPort X2 Firmware Downloads

Product Family	Part Number	Description	New Firmware	Link to upgrade
ConnectPort X2	X2-A11-EM-A	ConnectPort X2B S1 9210 8/16	2.17.1.2	Download
	X2-A11-EM-W	ConnectPort X2 S1 Ethernet 9210 8/16 Int	2.17.1.2	Download
	X2-HMA-EM-W	CPX2 DM900HP Ethernet AU3	2.17.1.2	Download
	X2-HMU-EM-A	CPX2 900HP Ethernet	2.17.1.2	Download
	X2-M91-EM-A	ConnectPort X2B DM 900 Pro 9210 8/16	2.17.1.2	Download
	X2-M11-EM-A	ConnectPort X2B DM 24 Pro 9210 8/16	2.17.1.2	Download
	X2-M11-EM-W	ConnectPort X2 DM 2.4 Pro Ethernet 9210 8/16 Int	2.17.1.2	Download
	X2-P81-EM-W	ConnectPort X2B 868 Pro 9210 8/16	2.17.1.2	Download
	X2-S11-EM-A	CPX2, XSC 9.6K Eth 9210	2.17.1.2	Download
	X2-T11-EM-A	ConnectPort X2 9XTend	2.17.1.2	Download
	X2-Z11-EM-A	ConnectPort X2 ZB Ethernet 9210 w/Python 8/16	2.17.1.2	Download
	X2-Z11-EM-I097	ConnectPort X2 ZB Eth 9210 Nalco	2.17.1.2	Download
	X2-Z11-EM-W	ConnectPort X2 ZB Ethernet 9210 8/16 Int	2.17.1.2	Download
	X2-Z11-EM-WI097	ConnectPort X2 ZB Eth 9210 Nalco Int	2.17.1.2	Download

Last updated: Aug 08, 2017

ConnectPort X2 - RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Recently Viewed