ADAM-5630
by Advantech
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39364 | Med | 0.41 | 6.3 | 0.00 | Sep 27, 2024 | Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by… | ||
| CVE-2024-34542 | 0.00 | — | 0.00 | Sep 27, 2024 | Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. | |||
| CVE-2024-28948 | 0.00 | — | 0.00 | Sep 27, 2024 | Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other. | |||
| CVE-2024-39275 | 0.00 | — | 0.00 | Sep 27, 2024 | Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the… |
- risk 0.41cvss 6.3epss 0.00
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by…
- CVE-2024-34542Sep 27, 2024risk 0.00cvss —epss 0.00
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
- CVE-2024-28948Sep 27, 2024risk 0.00cvss —epss 0.00
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.
- CVE-2024-39275Sep 27, 2024risk 0.00cvss —epss 0.00
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the…