HIGH🇬🇧 English

CVE-2024-28948

CVSS 8.5v4.0pub. 2024-09-27upd. 2024-10-04

Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Advantech Adam 5630

    HW
    Advantech
    wszystkie wersje
  • Advantech Adam 5630 Firmware

    OS
    Advantech
    < 2.5.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-39275HIGH8.5ten sam produkt

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. F...

CVE-2024-34542MEDIUM6.9ten sam produkt

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during th...

CVE-2025-52694CRITICAL10.0PL ✓ten sam vendor

SQL Injection w produktach Advantech IoT Suite — nieuwierzytelniony RCE

CVE-2025-34256CRITICAL10.0PL ✓ten sam vendor

Advantech WISE-DeviceOn Server — hardcoded klucz JWT umożliwia pełne przejęcie systemu

CVE-2022-50593CRITICAL9.3PL ✓ten sam vendor

Advantech iView – Auth Bypass + SQL Injection prowadzące do RCE