CVE-2024-28948

Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the sameorigin policy, which is designed to prevent different websites frominterfering with each other.

CVE-2024-39275

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when asession is closed. Forging requests with a legitimate cookie, even ifthe session was terminated, allows an unauthorized attacker to act withthe same level of privileges of the legitimate user.

CVE-2024-34542

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.