41 matches found
CVE-2024-34542
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process...
CVE-2024-28948
Advantech ADAM-5630 contains a cross-site request forgery CSRF vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other...
CVE-2024-39364 Advantech ADAM-5630 Missing Authentication for Critical Function
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...
CVE-2024-39364
CVE-2024-39364 concerns Advantech ADAM-5630. Connected sources confirm missing authentication for built-in commands that can be triggered via a simple HTTP request, enabling actions such as restarting the OS, rebooting the device, and stopping execution. The root cause is lack of access control f...
CVE-2024-39364 Advantech ADAM-5630 Missing Authentication for Critical Function
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...
CVE-2024-34542 Advantech ADAM-5630 Weak Encoding for Password
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process...
CVE-2024-34542 Advantech ADAM-5630 Weak Encoding for Password
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process...
CVE-2024-34542
CVE-2024-34542 affects Advantech ADAM-5630. Technical details across sources show that user credentials are transmitted in plain text during login due to weak encoding, exposing confidentiality risk (CVE-2024-34542). Affected product: Advantech ADAM-5630; vulnerable component/function involves th...
CVE-2024-28948 Advantech ADAM-5630 Cross-Site Request Forgery
Advantech ADAM-5630 contains a cross-site request forgery CSRF vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other...
CVE-2024-28948
The CVE-2024-28948 entry describes a CSRF vulnerability in Advantech ADAM-5630. Affected product: ADAM-5630 (pre-2.5.2). Root cause: cross-site request forgery (CWE-352) enabling an attacker to partly bypass same-origin policy. Reported impact: high impact to confidentiality, integrity, and avail...
CVE-2024-39275 Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...
CVE-2024-39275 Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user...
Advantech ADAM-5630 安全漏洞
The Advantech ADAM-5630 is an edge intelligent data acquisition controller from Advantech China. A security vulnerability exists in the Advantech ADAM-5630 that originates from user credentials being shared in plain text between the device and the user source device during the login process...
Advantech ADAM-5630 安全漏洞
Advantech ADAM-5630 is an edge intelligent data acquisition controller from Advantech, China. The Advantech ADAM-5630 suffers from an Access Control Error vulnerability that originates from an authenticated user's cookie being retained as a valid cookie even after the session is closed. An attack...
Advantech ADAM-5630 访问控制错误漏洞
The Advantech ADAM-5630 is an Edge Intelligent Data Acquisition Controller from Advantech China. The Advantech ADAM-5630 suffers from an access control error vulnerability that originates from the ability to execute built-in commands without authentication via a specially crafted request...
Advantech ADAM-5630 跨站请求伪造漏洞
The Advantech ADAM-5630 is an Edge Intelligent Data Acquisition Controller from Advantech, China. The Advantech ADAM-5630 suffers from a cross-site request forgery vulnerability that stems from a cross-site request forgery issue included in the product...
Advantech ADAM 5630
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5630 Vulnerabilities : Use of Persistent Cookies Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack a...
PT-2024-6551 · Advantech · Adam-5630
Name of the Vulnerable Software and Affected Versions: Advantech ADAM-5630 affected versions not specified Description: The issue concerns the cookies of authenticated Advantech ADAM-5630 users, which remain active and valid even after a session is closed. This allows an unauthorized attacker to...
PT-2024-6491 · Advantech · Adam-5630
Name of the Vulnerable Software and Affected Versions: Advantech ADAM-5630 affected versions not specified Description: The issue is related to a cross-site request forgery CSRF vulnerability, which allows an attacker to partly circumvent the same origin policy. This policy is designed to prevent...
PT-2024-6690 · Advantech · Adam-5630
Name of the Vulnerable Software and Affected Versions: Advantech ADAM-5630 affected versions not specified Description: The issue is related to the transmission of user credentials in plain text between the device and the user source device during the login process. This is due to the use of weak...