Description
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02
Scores
CVSS v3
6.3
EPSS
0.0006
EPSS Percentile
19.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
Advantech/ADAM-5630
< v2.5.2
Published
Sep 27, 2024
Tracked Since
Feb 18, 2026