PatchSiren cyber security CVE debrief
CVE-2024-37187 Advantech CVE debrief
CVE-2024-37187 describes a weakness in the Advantech ADAM-5550 programmable logic controller: user credentials are transmitted using only Base64 encoding. Base64 is a reversible encoding, not encryption, so anyone who captures the traffic can recover the plaintext credentials without a key. This exposes credentials to eavesdropping by any party on an adjacent network segment. CISA published the vulnerability on September 26, 2024, with a CVSS 3.1 base score of 5.7 (Medium). Advantech has designated the ADAM-5550 as end-of-life and is phasing it out; the recommended remediation is to migrate to the ADAM-5630 platform running firmware version 2.5.2 or higher.
- Vendor: Advantech
- Product: ADAM-5550
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-26
- Original CVE updated: 2024-09-26
- Advisory published: 2024-09-26
- Advisory updated: 2024-09-26
Who should care
Organizations operating Advantech ADAM-5550 programmable logic controllers in industrial control system environments, particularly where the PLC shares a network segment with engineering workstations, HMIs, or other hosts an attacker could compromise, or where segmentation between the control network and less trusted networks is weak.
Technical summary
The Advantech ADAM-5550 transmits user credentials using Base64 encoding without encryption. Base64 is a reversible encoding scheme, not a cryptographic protection: decoding requires no key, so any party with visibility of the traffic can recover the credentials. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) indicates the weakness is exploitable from an adjacent network with low complexity and no privileges; the user-interaction requirement reflects that a legitimate user must log in while the attacker is capturing traffic. Scope is unchanged, confidentiality impact is high, and integrity and availability are not directly affected, although recovered credentials can of course be reused to log in. The product is end-of-life; Advantech recommends upgrading to the ADAM-5630 with firmware 2.5.2 or higher.
Defensive priority
medium
Recommended defensive actions
- Inventory all deployed Advantech ADAM-5550 units and assess which other hosts share a network segment with them, since the attacker only needs adjacent-network access
- Plan migration to Advantech ADAM-5630 with firmware version 2.5.2 or higher per vendor guidance
- Segment ADAM-5550 devices from untrusted networks until migration is complete, restricting management access to a dedicated, monitored segment
- Monitor network traffic for unauthorized access attempts targeting ADAM-5550 management interfaces, and for Base64-encoded credentials crossing segments where they should not appear
- Review and rotate any credentials that may have been transmitted over networks an attacker could have observed, noting that rotated credentials are just as exposed on the wire until the device is segmented or replaced
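The following is an added example, not code from the advisory, CISA, or Advantech. It ties the technical summary above (Base64 is reversible without a key) to the monitoring and rotation actions in the list: it scans a captured request stream for Base64-encoded credentials, decodes them exactly as an adjacent-network eavesdropper would, and lists the accounts that need rotating. It assumes the credentials travel as an HTTP Basic Authorization header, which the advisory does not state; the capture below is constructed sample data, not real ADAM-5550 traffic.

```python
"""
Added example (not from the advisory or from Advantech).

Assumption: credentials are carried as an HTTP "Authorization: Basic"
header, the most common way Base64 credentials appear on the wire.
The advisory does not specify the protocol, so treat this as an
illustration of why Base64 offers no protection, not as a description
of the ADAM-5550's actual login exchange.
"""
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Constructed sample capture: what a passive listener on the same
# segment (CVSS AV:A) might see. The third header carries a Base64
# token that is NOT a user:password pair, to show the decoder
# rejecting non-credential tokens instead of reporting garbage.
CAPTURED_TRAFFIC = """\
GET /login.cgi HTTP/1.1
Host: 192.0.2.10
Authorization: Basic YWRtaW46YWRtaW4=

GET /status HTTP/1.1
Host: 192.0.2.10
Authorization: Basic b3BlcmF0b3I6U3VtbWVyMjAyNCE=

GET /index.html HTTP/1.1
Host: 192.0.2.10
Authorization: Basic bm90LWEtY3JlZGVudGlhbA==
"""

# Match a Basic header and capture only characters from the Base64
# alphabet plus padding; anything else is not a Base64 token.
BASIC_RE = re.compile(
    r"^Authorization:\s*Basic\s+([A-Za-z0-9+/]+=*)\s*$", re.I | re.M
)


def decode_basic_token(token: str) -> Optional[Tuple[str, str]]:
    """Reverse the Base64 encoding and split into (user, password).

    No key or secret is involved: this is the whole "attack". Returns
    None when the token is malformed Base64, not UTF-8, or lacks the
    user:password separator, so callers never act on junk.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


def recover_credentials(capture: str) -> List[Tuple[str, str]]:
    """Every plaintext credential pair recoverable from the capture."""
    found = []
    for match in BASIC_RE.finditer(capture):
        pair = decode_basic_token(match.group(1))
        if pair is not None:
            found.append(pair)
    return found


def accounts_to_rotate(capture: str) -> List[str]:
    """Distinct usernames seen in the clear; the rotation worklist."""
    return sorted({user for user, _ in recover_credentials(capture)})


if __name__ == "__main__":
    for user, password in recover_credentials(CAPTURED_TRAFFIC):
        print(f"recovered: user={user!r} password={password!r}")
    print("rotate:", accounts_to_rotate(CAPTURED_TRAFFIC))
```

The same check, pointed at a span port or a pcap export of the segment the PLC sits on, doubles as the monitoring control recommended above: any hit means credentials are crossing that segment in recoverable form, and the usernames it returns are the ones to rotate once the exposure has actually been closed.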
Evidence notes
CISA advisory ICSA-24-270-01 confirms the credential encoding weakness and provides vendor remediation guidance. The CVSS vector indicates attack vector is adjacent network, attack complexity is low, and confidentiality impact is high.
Official resources
- CVE-2024-37187 CVE record (CVE.org)
- CVE-2024-37187 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-09-26