CVE-2024-39275
Oct. 7, 2024, 3:25 p.m.
8.8
High
Description
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a
session is closed. Forging requests with a legitimate cookie, even if
the session was terminated, allows an unauthorized attacker to act with
the same level of privileges of the legitimate user.
Product(s) Impacted
Vendor | Product | Versions |
---|---|---|
Advantech | | |
Weaknesses
CWE-539
Use of Persistent Cookies Containing Sensitive Information
The web application uses persistent cookies, but the cookies contain sensitive information.
*CPE(s)
Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
---|---|---|---|---|---|---|---|---|---|---|
o | advantech | adam-5630_firmware | / | / | / | / | / | / | / | / |
h | advantech | adam-5630 | - | / | / | / | / | / | / | / |
CVSS Score
CVSS Data
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: REQUIRED
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Date
- Published: Sept. 27, 2024, 6:15 p.m.
- Last Modified: Oct. 7, 2024, 3:25 p.m.
Status : Analyzed
CVE has had analysis completed and all data associations made.
Source
ics-cert@hq.dhs.gov
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.