CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34542 – Advantech ADAM-5630 Weak Encoding for Password
https://notcve.org/view.php?id=CVE-2024-34542
27 Sep 2024 — Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02 • CWE-261: Weak Encoding for Password •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28948 – Advantech ADAM-5630 Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-28948
27 Sep 2024 — Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39275 – Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2024-39275
27 Sep 2024 — Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02 • CWE-539: Use of Persistent Cookies Containing Sensitive Information •