Advantech ADAM-6000 Use of Default Password (CVE-2008-5848)

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and 1 monitor or 2 control the module's Modbus/TCP I/O activity. This plugin only works with Tenable.ot. Please visit...

Advantech ADAM-5630 Cross-Site Request Forgery (CVE-2024-28948)

Advantech ADAM-5630 contains a cross-site request forgery CSRF vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other. This plugin only works with Tenable.ot. Please visit...

Advantech ADAM-5630 Missing Authentication for Critical Function (CVE-2024-39364)

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...

Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information (CVE-2024-39275)

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. This plugin...

Advantech ADAM-5550 Weak Encoding For Password (CVE-2024-37187)

Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Advantech ADAM-5630 Weak Encoding For Password (CVE-2024-34542)

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2024-34542

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process...

CVE-2024-39364

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...

EUVD-2011-1912

Malware in sbrugna...

EUVD-2024-37920

Malicious code in bioql PyPI...

EUVD-2024-37259

Malicious code in bioql PyPI...

EUVD-2024-34433

Malicious code in bioql PyPI...

EUVD-2024-36489

Malicious code in bioql PyPI...

EUVD-2024-34846

Malicious code in bioql PyPI...

CVE-2024-37187

Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding...

CVE-2011-1914

Buffer overflow in the Advantech ADAM OLE for Process Control OPC Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2008-5848

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and 1 monitor or 2 control the module's Modbus/TCP I/O activity...

The vulnerability of the microprogrammed logic controller Advantech ADAM 5550, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the microprogrammed logic controller Advantech ADAM 5550 lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVE-2024-38308

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output...

CVE-2024-28948

Advantech ADAM-5630 contains a cross-site request forgery CSRF vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other...