Multiple vulnerabilities in Advantech ADAM-5630
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-39275 CVE-2024-28948 CVE-2024-34542 CVE-2024-39364 |
| CWE-ID | CWE-539 CWE-352 CWE-261 CWE-306 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ADAM-5630 Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Use of Persistent Cookies Containing Sensitive Information
EUVDB-ID: #VU97755
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39275
CWE-ID:
CWE-539 - Use of Persistent Cookies Containing Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to cookies of authenticated users remain as active valid cookies when a session is closed. A remote attacker on the local network can act with the same level of privileges of the legitimate user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsADAM-5630: before 2.5.2
CPE2.3http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site request forgery
EUVDB-ID: #VU97756
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-28948
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationInstall updates from vendor's website.
Vulnerable software versionsADAM-5630: before 2.5.2
CPE2.3http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Weak Encoding for Password
EUVDB-ID: #VU97757
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34542
CWE-ID:
CWE-261 - Weak Cryptography for Passwords
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to user credentials are shared in plain text. A remote attacker on the local network can retrieve the credentials from another user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsADAM-5630: before 2.5.2
CPE2.3http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Missing Authentication for Critical Function
EUVDB-ID: #VU97759
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39364
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the affected device has built-in commands that can be executed without authenticating the user. A remote attacker on the local network can bypass authentication and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsADAM-5630: before 2.5.2
CPE2.3http://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
