Latest Advantech ADAM vulnerabilities #
CISA released two advisories regarding vulnerabilities found within the Advantech ADAM 5550 and ADAM 5630 Ethernet I/O modules.
ADAM 5550
CVE-2024-38308 is rated high, with CVSS score of 8.8, and displays the HTTP request log back to the user which could leak sensitive information.
CVE-2024-37187 is rated medium, with CVSS score of 5.7, and merely uses Base64 encoding for credentials instead of a higher level of encryption.
CVE-2024-39275 is rated high, with CVSS score of 8.0, and allows for an unauthorized user to assume the role of another because cookies are not cleared at the end of a session.
CVE-2024-28948 is rated high, with CVSS score of 8.0, and allows for CSRF to make users perform actions they did not intend to.
CVE-2024-28948 is rated medium, with CVSS score of 6.3, and allows an unauthenticated user of a particular endpoint to reboot the operating system and halting any in-process execution.
CVE-2024-34542 is rated medium, with CVSS score of 5.7, and allows for a MITM attack to inspect the credentials which are being sent in clear text between the user and the server.
What is the impact? #
Successful exploitation of these vulnerabilities could lead towards attackers gaining access to systems to perform system reboots, stealing credentials, and/or data exfiltration from logs.
Are updates or workarounds available? #
Advantech indicates that ADAM 5550 is being phased out and customers should upgrade to ADAM 5630 firmware or higher.
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:
hw:ADAM