Advantech ADAM-5630 Vulnerable to CSRF Attacks
CVE-2024-28948

8.8HIGH

Key Information:

Vendor: Advantech
Status: Adam-5630 Firmware
Vendor: CVE Published:; 27 September 2024

What is CVE-2024-28948?

The Advantech ADAM-5630 exhibits a vulnerability that permits cross-site request forgery (CSRF) attacks. By exploiting this vulnerability, an attacker can potentially manipulate the device by bypassing the protections intended to enforce the same origin policy. This flaw can lead to unauthorized actions being performed on behalf of authenticated users, making it essential for organizations using this product to implement robust security measures to mitigate potential exploitation.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-2...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2024