runZero to join Dragos, creating an industry-transforming security platform backed by $4B Accenture investment. More →

🗓️ Live on July 23: Securing the modern IT/OT attack surface Register

Start Free Book Demo

Platform
- Exposure Management Platform
  Complete security visibility across IT, OT, IoT, cloud, mobile, and remote assets.
  
  Total Attack Surface Visibility
  
  Full-Spectrum Exposure Detection
  
  Risk Prioritization & Insights
  
  Compliance, Reporting, & KPIs
  
  Fast Deployment & Scalability
- Asset Fingerprinting & Contextualization
  runZero employs a multi-faceted approach to perform high-fidelity fingerprinting for IT, OT, and IoT assets – no agents or credentials required.
- Integrations
  runZero seamlessly integrates with a wide variety of tools, enhancing network visibility, enriching asset data, and uncovering control gaps.
- Community Edition
  Our completely free version of the runZero Platform is ideal for home use and environments with fewer than 100 assets.
The AI attack era demands faster defenders — runZero 5.0 delivers

5.0 introduces new capabilities and views that automatically surface the risks most likely to lead to an incident and provides consolidated summaries pairing impact intelligence with remediation guidance to drive faster fixes.

Learn More
Solutions
- Solutions
  Gain visibility, control the unknowns, and ensure compliance with confidence.
  
  Incident Response
  
  Unmanaged & Unknowns
  
  Vulnerability Management
  
  Mergers & Acquisitions
  
  Compliance & Insurance
- Regulatory Compliance
  Ensure compliance and stay resilient against evolving cyber threats.
  
  CSRB
  
  DORA
  
  NIST CSF & 800-171
  
  NIS2
  
  NYDFS
  
  PCI DSS
Join HD Moore on July 23: Securing the modern IT/OT attack surface

Discover how to effectively bridge the visibility gap and secure your modern IT/OT infrastructure. HD Moore and Chris Ray will share actionable methods for hardening your OT defenses and the main takeaways from the 2026 GigaOm Radar for OT Security.

Register Now
Resources
- Resource Center
  Dive into a treasure trove of resources to expand your exposure management knowledge.
  
  Reports
  
  Webcasts
  
  Solution Briefs
- runZero Research
  Explore the world of exposure management through the runZero lens.
  
  Research Blogs
  
  Rapid Responses
  
  runZero Hour
- runZero Blog
  See what's happening at runZero and read up on the latest ideas, opinions, and articles from our experts and researchers.
- Support Resources
  Everything you need to maximize your experience with the runZero Platform.
  
  Documentation
  
  REST API
  
  Open Source
Watch the runZero Day replay!

The inaugural runZero Day livestream was one for the books! From the inner workings of the CVE program and modern cyber journalism to the realities of OT security and the startup investment ecosystem, our wonderful guests helped us cover the trends that are defining our industry.

Watch the Replay
Customers
- Our Customers
  Our customers are everything. We're super proud to be trusted by leading organizations around the globe to help them improve their security.
- Case Studies
  See how runZero has empowered security teams to take control of their networks, uncover their unknowns, and save significant time and money.
  
  North Carolina K-12
  
  Topcon
  
  Capgemini
  
  Presidio
  
  York University
- Testimonials
  Read reviews of the runZero Platform and see how teams have improved their security with our technology.
Case Study: How runZero established North Carolina’s K–12 exposure management program

Learn how runZero became the foundation for exposure management across 343 North Carolina Public School Units.

Read the Case Study
Partners
- Infinity Partner Program
  See how we can work together to provide best-in-class security solutions and outcomes for our joint customers.
- Partner Directory
  Explore our directory of trusted (and awesome) partners.
- Partner Sign In
  Sign in to our Infinity Partner Portal.
Join our Infinity Partner Program

Designed with a partner-first mindset, the runZero Infinity Partner Program offers incredibly valuable resources, relationships, and rewards to partners who choose to grow their business with us.

Become a runZero Partner
About
- About Us
  Wondering who the heck are these people? Meet the team and get the story behind runZero... once upon a time called Rumble.
- Events
  Track down runZero Yetis in the wild! Join us in-person or virtually at one of our upcoming events.
- Investors
  Meet the cybersecurity investors, trailblazers, and innovators who help us navigate our journey and the evolving security landscape.
- Newsroom
  Read the latest articles, announcements, and press releases from runZero.
- Careers
  Want to join our forces? We're looking for bright minds and passionate souls who want to write the next chapter in exposure management.
Join us on July 15 for the next exciting episode!

Every month, our research team does a deep dive into the ones and zeros behind all things exposure, from new threats and risky devices to the most secretive, silent, and unheard of vulnerabilities hiding in IT, OT, IoT, remote, cloud, and mobile environments – see you there!

Register Now
Pricing
Support
Contact Us
Sign In

runZero to join Dragos, creating an industry-transforming security platform backed by $4B Accenture investment. More →

🗓️ Live on July 23: Securing the modern IT/OT attack surface Register

Exposure Management Platform
Complete security visibility across IT, OT, IoT, cloud, mobile, and remote assets.
Asset Fingerprinting & Contextualization
runZero employs a multi-faceted approach to perform high-fidelity fingerprinting for IT, OT, and IoT assets – no agents or credentials required.
Integrations
runZero seamlessly integrates with a wide variety of tools, enhancing network visibility, enriching asset data, and uncovering control gaps.
Community Edition
Our completely free version of the runZero Platform is ideal for home use and environments with fewer than 100 assets.

The AI attack era demands faster defenders — runZero 5.0 delivers

5.0 introduces new capabilities and views that automatically surface the risks most likely to lead to an incident and provides consolidated summaries pairing impact intelligence with remediation guidance to drive faster fixes.

Learn More

Solutions
Gain visibility, control the unknowns, and ensure compliance with confidence.
Regulatory Compliance
Ensure compliance and stay resilient against evolving cyber threats.
- CSRB
- DORA
- NIST CSF & 800-171
- NIS2
- NYDFS
- PCI DSS

Join HD Moore on July 23: Securing the modern IT/OT attack surface

Discover how to effectively bridge the visibility gap and secure your modern IT/OT infrastructure. HD Moore and Chris Ray will share actionable methods for hardening your OT defenses and the main takeaways from the 2026 GigaOm Radar for OT Security.

Register Now

Resource Center
Dive into a treasure trove of resources to expand your exposure management knowledge.
runZero Research
Explore the world of exposure management through the runZero lens.
runZero Blog
See what's happening at runZero and read up on the latest ideas, opinions, and articles from our experts and researchers.
Support Resources
Everything you need to maximize your experience with the runZero Platform.

Watch the runZero Day replay!

The inaugural runZero Day livestream was one for the books! From the inner workings of the CVE program and modern cyber journalism to the realities of OT security and the startup investment ecosystem, our wonderful guests helped us cover the trends that are defining our industry.

Watch the Replay

Our Customers
Our customers are everything. We're super proud to be trusted by leading organizations around the globe to help them improve their security.
Case Studies
See how runZero has empowered security teams to take control of their networks, uncover their unknowns, and save significant time and money.
Testimonials
Read reviews of the runZero Platform and see how teams have improved their security with our technology.

Case Study: How runZero established North Carolina’s K–12 exposure management program

Learn how runZero became the foundation for exposure management across 343 North Carolina Public School Units.

Read the Case Study

About Us
Wondering who the heck are these people? Meet the team and get the story behind runZero... once upon a time called Rumble.
Events
Track down runZero Yetis in the wild! Join us in-person or virtually at one of our upcoming events.
Investors
Meet the cybersecurity investors, trailblazers, and innovators who help us navigate our journey and the evolving security landscape.
Newsroom
Read the latest articles, announcements, and press releases from runZero.
Careers
Want to join our forces? We're looking for bright minds and passionate souls who want to write the next chapter in exposure management.

Join us on July 15 for the next exciting episode!

Every month, our research team does a deep dive into the ones and zeros behind all things exposure, from new threats and risky devices to the most secretive, silent, and unheard of vulnerabilities hiding in IT, OT, IoT, remote, cloud, and mobile environments – see you there!

Register Now

Infinity Partner Program
See how we can work together to provide best-in-class security solutions and outcomes for our joint customers.
Partner Directory
Explore our directory of trusted (and awesome) partners.
Partner Sign In
Sign in to our Infinity Partner Portal.

Join our Infinity Partner Program

Designed with a partner-first mindset, the runZero Infinity Partner Program offers incredibly valuable resources, relationships, and rewards to partners who choose to grow their business with us.

Become a runZero Partner

On This Page:

Latest Advantech ADAM vulnerabilities
What is the impact?
Are updates or workarounds available?
How to find potentially vulnerable systems with runZero

How to find Advantech ADAM devices on your network

Blain Smith

|

Updated September 26, 2024, 11:45am EDT

Latest Advantech ADAM vulnerabilities #

CISA released two advisories regarding vulnerabilities found within the Advantech ADAM 5550 and ADAM 5630 Ethernet I/O modules.

ADAM 5550

CVE-2024-38308 is rated high, with CVSS score of 8.8, and displays the HTTP request log back to the user which could leak sensitive information.
CVE-2024-37187 is rated medium, with CVSS score of 5.7, and merely uses Base64 encoding for credentials instead of a higher level of encryption.

ADAM 6350

CVE-2024-39275 is rated high, with CVSS score of 8.0, and allows for an unauthorized user to assume the role of another because cookies are not cleared at the end of a session.
CVE-2024-28948 is rated high, with CVSS score of 8.0, and allows for CSRF to make users perform actions they did not intend to.
CVE-2024-28948 is rated medium, with CVSS score of 6.3, and allows an unauthenticated user of a particular endpoint to reboot the operating system and halting any in-process execution.
CVE-2024-34542 is rated medium, with CVSS score of 5.7, and allows for a MITM attack to inspect the credentials which are being sent in clear text between the user and the server.

What is the impact? #

Successful exploitation of these vulnerabilities could lead towards attackers gaining access to systems to perform system reboots, stealing credentials, and/or data exfiltration from logs.

Are updates or workarounds available? #

Advantech indicates that ADAM 5550 is being phased out and customers should upgrade to ADAM 5630 firmware or higher.

How to find potentially vulnerable systems with runZero #

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hw:ADAM

Written by Blain Smith

Blain Smith is a Security Research Engineer at runZero. He spent most of his career in cloud and distributed systems for AAA gaming, entertainment, and networking working on some of the most popular games and systems millions of people play and watch daily. He has given numerous talks at conferences such as TEDx, GopherCon, and P99CONF. His shift into infosec has afforded him the ability to apply his distributed systems and networking knowledge to other industries such as IoT and OT.

More about Blain Smith

Explore more runZero

Product

Announcing runZero 5.0: Exposure management built to outpace AI-driven attacks

When you're up against AI, every minute counts. Get deep, actionable intelligence across your entire attack surface to close the gaps and hold the...

Product Videos

runZero 5.0: Platform Demo

With the new 5.0 release, runZero is giving defenders the edge they need to succeed in the AI-attack era.

runZero Perspective

BOD 26-04: A new era of prioritized remediation

A complete breakdown of CISA's BOD 26-04 directive. Learn how the shift to SSVC, risk-based KEV prioritization, and 3-day remediation impacts your...

runZero Perspective

Dawn of the apex agentic adversary

When agentic AI can weaponize exploits in seconds, visibility is everything. Stop the predator with runZero’s exposure management for the AI-attack...

Webcasts

Defending in the shadow era: when the CVE feed goes dark

HD Moore walks through the three eras of vulnerability management: the predictable cycles era, the triage ara of AI-scale discovery, and now the...

Webcasts

runZero Hour, Ep. 31: The New Rules of Risk: EPSS v5 and Agentic Adversaries

In this episode, learn how your security team can use EPSS v5 to inform daily risk decisions in a world increasingly targeted by the apex agentic...

Webcasts

Beyond the Zero-Day: Mapping the network attackers actually see

Breaches are inevitable. Learn from HD Moore how attackers exploit the seams between IT, IoT, and OT networks — and how to fix the segmentation...

Podcasts

Risky Biz Interview: Navigating the AI vibe shift with HD Moore

runZero Founder and CEO HD Moore drops by in this week's Risky Biz sponsor interview to talk about the concerning AI vibe shift and what to do...

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Try runZero for Free

runZero CAASM

© Copyright 2026 runZero, Inc. All Rights Reserved