PatchSiren cyber security CVE debrief
CVE-2024-38308 Advantech CVE debrief
CVE-2024-38308 is a high-severity stored cross-site scripting (XSS) vulnerability in the Advantech ADAM-5550 programmable automation controller. The device's web application includes a logs page that displays all received HTTP requests to authenticated users without properly neutralizing malicious code during output generation. An attacker can inject malicious payloads into HTTP requests that, when logged and subsequently viewed by administrators, execute in the victim's browser context. The vulnerability carries a CVSS 3.1 score of 8.8 (High), with an attack vector of adjacent network, low attack complexity, no privileges required, and no user interaction needed, enabling high impacts to confidentiality, integrity, and availability. Advantech has designated the ADAM-5550 as end-of-life and strongly recommends migration to the ADAM-5630 platform running firmware version 2.5.2 or higher. Organizations operating these devices in industrial control environments should prioritize network segmentation and access controls while planning replacement, as the affected product will not receive security patches.
- Vendor: Advantech
- Product: ADAM-5550
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-26
- Original CVE updated: 2024-09-26
- Advisory published: 2024-09-26
- Advisory updated: 2024-09-26
Who should care
Organizations operating Advantech ADAM-5550 programmable automation controllers in industrial automation, building management, or process control environments. Security teams responsible for OT/ICS infrastructure, particularly those managing legacy devices approaching or at end-of-life. Compliance officers tracking CVE remediation for critical infrastructure assets.
Technical summary
The Advantech ADAM-5550 programmable automation controller contains a stored cross-site scripting vulnerability in its web application logs page. The device logs all received HTTP requests and displays them to users without proper output encoding or sanitization, allowing injection of malicious scripts that execute when administrators view the logs. The vulnerability is remotely exploitable from adjacent networks with no authentication or user interaction required. Advantech has ended support for the ADAM-5550 and directs users to upgrade to the ADAM-5630 platform.
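The flaw class described above comes down to one missing step: attacker-influenced request fields are written into the logs page without output encoding. The following Python is an added illustration, not Advantech's firmware code or anything taken from the advisory; the log-entry structure, the sample entries and the two renderer functions are constructed assumptions. It places a renderer that reproduces the defect beside the hardened form, and includes a check a reviewer can run to confirm that no logged field survives into the page as raw markup.

```python
import html
from dataclasses import dataclass


@dataclass
class LoggedRequest:
    """One record a device-side web app might keep per received HTTP request (assumed layout)."""
    client: str
    method: str
    path: str
    user_agent: str


# Constructed sample entries (not from the advisory). The third carries markup in
# two fields any unauthenticated client controls: the request path and the User-Agent.
SAMPLE_LOG = [
    LoggedRequest("10.0.0.5", "GET", "/index.html", "Mozilla/5.0"),
    LoggedRequest("10.0.0.9", "GET", "/status", "curl/8.0"),
    LoggedRequest("10.0.0.77", "GET", "/?q=<script>alert(1)</script>", "Mozilla/5.0 <b>tagged</b>"),
]


def render_logs_unsafe(entries):
    """Reproduces the defect: fields are concatenated into HTML unchanged, so any
    markup a client put in its request is interpreted by the administrator's browser."""
    rows = "".join(
        f"<tr><td>{e.client}</td><td>{e.method}</td><td>{e.path}</td><td>{e.user_agent}</td></tr>"
        for e in entries
    )
    return f"<table>{rows}</table>"


def render_logs_safe(entries):
    """Hardened form: every attacker-influenced field is HTML-escaped at output time.
    quote=True also escapes quotes, so the same helper is safe inside attribute values."""
    def esc(value):
        return html.escape(value, quote=True)

    rows = "".join(
        f"<tr><td>{esc(e.client)}</td><td>{esc(e.method)}</td>"
        f"<td>{esc(e.path)}</td><td>{esc(e.user_agent)}</td></tr>"
        for e in entries
    )
    return f"<table>{rows}</table>"


def contains_live_markup(rendered_html, entries):
    """Review check: does any logged field containing '<' appear verbatim in the page?
    True means the page will execute or render whatever the client sent."""
    return any(
        "<" in field and field in rendered_html
        for e in entries
        for field in (e.client, e.method, e.path, e.user_agent)
    )


if __name__ == "__main__":
    print("unsafe renderer leaks markup:", contains_live_markup(render_logs_unsafe(SAMPLE_LOG), SAMPLE_LOG))
    print("safe renderer leaks markup:  ", contains_live_markup(render_logs_safe(SAMPLE_LOG), SAMPLE_LOG))
```

The check is deliberately crude (it only looks for fields that contain `<`), which is enough to catch the output-encoding gap this advisory describes; a full review would also cover fields emitted into JavaScript or URL contexts, where HTML escaping alone is not the right encoding.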
Defensive priority
high
Recommended defensive actions
- Implement network segmentation to isolate ADAM-5550 devices from untrusted networks and limit access to authorized administrative hosts only
- Plan and execute migration from ADAM-5550 to ADAM-5630 with firmware version 2.5.2 or higher as the permanent remediation, given the affected product's end-of-life status
- Review and restrict administrative access to the ADAM-5550 web interface to reduce exposure of the vulnerable logs page
- Monitor for anomalous HTTP requests targeting ADAM-5550 devices that may indicate attempted exploitation of the logs functionality
- Apply defense-in-depth controls including ICS-specific security practices for environments where immediate replacement is not feasible
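The monitoring action above can be made concrete with a small triage script. This Python is an added example, not part of the advisory or any Advantech tooling; the controller address inventory, the log line format (a common-log-style line with the destination host appended, as a proxy or network sensor might emit) and the sample lines are all constructed assumptions. It parses the lines, decodes percent-encoding, and flags requests to in-scope controllers whose path, referer or user-agent carries HTML markup, which is exactly the input that a logs page without output encoding would later render.

```python
import re
from urllib.parse import unquote

# Assumed inventory of ADAM-5550 addresses in scope (placeholder values, TEST-NET-1 range).
ADAM_5550_HOSTS = {"192.0.2.10", "192.0.2.11"}

# Constructed sample lines. Layout (assumed, not a real product format):
# client - - [time] "METHOD path HTTP/1.1" status bytes "referer" "user-agent" dest_host
SAMPLE_LINES = [
    '192.0.2.50 - - [26/Sep/2024:10:00:01 +0000] "GET /status HTTP/1.1" 200 512 "-" "Mozilla/5.0" 192.0.2.10',
    '192.0.2.51 - - [26/Sep/2024:10:00:02 +0000] "GET /?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "curl/8.0" 192.0.2.10',
    '192.0.2.52 - - [26/Sep/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "<b>tag</b>" 192.0.2.11',
    '192.0.2.53 - - [26/Sep/2024:10:00:04 +0000] "GET /?q=<b>x</b> HTTP/1.1" 200 512 "-" "Mozilla/5.0" 203.0.113.7',
]

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" (?P<dest>\S+)$'
)

# Coarse markup heuristic: an opening or closing tag, or a javascript: URL.
# Tune for the environment; it is a triage filter, not a parser.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-zA-Z!]|javascript:', re.IGNORECASE)


def parse_line(line):
    """Return the named fields of one log line, or None if it does not match the assumed layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def has_markup(value):
    """Decode percent-encoding twice (to see through double encoding) before matching."""
    decoded = unquote(unquote(value))
    return bool(MARKUP_RE.search(decoded))


def find_suspicious(lines, hosts=ADAM_5550_HOSTS):
    """Return (line_number, client, field) for requests to in-scope hosts whose
    logged path, user-agent or referer carries markup. Requests to other hosts are ignored."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None or rec["dest"] not in hosts:
            continue
        for field in ("path", "ua", "referer"):
            if has_markup(rec[field]):
                findings.append((n, rec["client"], field))
    return findings


if __name__ == "__main__":
    for n, client, field in find_suspicious(SAMPLE_LINES):
        print(f"line {n}: client {client} sent markup in {field}")
```

Only lines addressed to the inventoried controllers are reported; the fourth sample line carries the same kind of payload but targets an out-of-scope host, so it is dropped, which keeps the output focused on devices where the logs page is actually exposed.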
Evidence notes
Vulnerability description and remediation guidance sourced from CISA ICS Advisory ICSA-24-270-01. CVSS vector and scoring details confirmed through official CISA CSAF document. Vendor end-of-life status and migration path explicitly stated in advisory remediation section.
Official resources
- CVE-2024-38308 CVE record (CVE.org)
- CVE-2024-38308 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference
2024-09-26