PatchSiren cyber security CVE debrief
CVE-2024-39275 Advantech CVE debrief
CVE-2024-39275 is a HIGH severity session management vulnerability in Advantech ADAM-5630 industrial communication devices. The issue involves improper invalidation of authentication cookies: when a user session is terminated (logout), the associated cookies remain valid and active on the server side. An attacker who obtains a legitimate cookie—through network sniffing, browser compromise, or other means—can forge authenticated requests even after the legitimate user has logged out, inheriting the full privileges of that user account. The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates this requires adjacent network access and user interaction, but results in complete confidentiality, integrity, and availability compromise of the affected device. CISA published advisory ICSA-24-270-02 on September 26, 2024, with Advantech providing firmware version 2.5.2 as the remediation. Organizations operating ADAM-5630 devices in industrial control environments should prioritize patching due to the critical nature of unauthorized administrative access to OT infrastructure.
- Vendor: Advantech
- Product: ADAM-5630
- CVSS: HIGH (8.0)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-26
- Original CVE updated: 2024-09-26
- Advisory published: 2024-09-26
- Advisory updated: 2024-09-26
Who should care
Organizations operating Advantech ADAM-5630 devices in industrial automation, building management, or critical infrastructure environments. Security teams responsible for OT/ICS network security, identity and access management administrators, and compliance officers subject to NERC CIP, IEC 62443, or similar industrial cybersecurity frameworks.
Technical summary
The Advantech ADAM-5630 industrial communication gateway fails to properly invalidate authentication cookies upon session termination. The server-side session state is not synchronized with client-side cookie lifecycle, resulting in persistent cookie validity independent of logout events. An attacker with network access to capture or otherwise obtain a valid session cookie can replay it in HTTP requests to the device's web management interface, receiving authenticated responses and executing privileged operations. The vulnerability is classified as CWE-613 (Insufficient Session Expiration). Remediation requires firmware upgrade to version 2.5.2, which implements proper server-side session invalidation.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Advantech ADAM-5630 devices to firmware version 2.5.2 or later to remediate the session cookie invalidation vulnerability.
- Implement network segmentation to restrict access to ADAM-5630 management interfaces; the CVSS vector (AV:A) requires adjacent network access, so limiting which hosts can reach the interface directly shrinks the attack surface.
- Deploy TLS/SSL encryption for all management traffic to prevent cookie interception in transit.
- Configure session timeout policies at the application layer where possible, and monitor for anomalous authentication patterns indicating potential cookie replay attacks.
- Review and rotate credentials for affected devices following patching to invalidate any potentially compromised sessions.
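To make the CWE-613 defect in the technical summary concrete, and to illustrate the replay monitoring recommended above, here is an added example (not Advantech's code and not the ADAM-5630's actual implementation): a minimal server-side session store with a logout that only clears the browser cookie beside one that revokes the session server-side, followed by a check over constructed audit-log lines for a session id still being used after its logout. The cookie name, log format and session ids are assumptions made for the example.

```python
import secrets

class SessionStore:
    """Minimal server-side session table keyed by the cookie value (assumed design)."""
    def __init__(self, idle_timeout=900):
        self.sessions = {}  # token -> {"user": ..., "last_seen": ...}
        self.idle_timeout = idle_timeout
    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "last_seen": now}
        return token
    def authenticate(self, token, now):
        """Return the user bound to a live token, or None."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if now - s["last_seen"] > self.idle_timeout:
            del self.sessions[token]  # idle expiry also ends the session
            return None
        s["last_seen"] = now
        return s["user"]
    def logout_vulnerable(self, token):
        # Only asks the client to drop the cookie; the server keeps honouring it (CWE-613).
        return "Set-Cookie: session=; Max-Age=0"

    def logout_fixed(self, token):
        # Revoke server-side as well, so a captured cookie is worthless after logout.
        self.sessions.pop(token, None)
        return "Set-Cookie: session=; Max-Age=0"

LOG = [  # constructed sample audit log (epoch seconds); not real device output
    "1000 LOGIN  sid=abc user=admin",
    "1030 REQ    sid=abc path=/config",
    "1100 LOGOUT sid=abc",
    "1150 REQ    sid=abc path=/config",  # cookie replayed after logout
    "1250 REQ    sid=def path=/status",
]

def replayed_after_logout(lines):
    """Return session ids seen in requests after their own LOGOUT entry."""
    ended, hits = {}, set()
    for line in lines:
        ts, ev, sid = line.split()[:3]
        sid = sid.split("=", 1)[1]
        if ev == "LOGOUT":
            ended[sid] = int(ts)
        elif ev == "REQ" and sid in ended and int(ts) > ended[sid]:
            hits.add(sid)
    return hits
```

The same check applies to any device whose logs carry a session identifier on both logout and request events; sessions flagged by it are candidates for the credential rotation step above.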
Evidence notes
CISA CSAF advisory ICSA-24-270-02 confirms the vulnerability affects ADAM-5630 devices prior to firmware version 2.5.2. The advisory explicitly states that cookies remain valid after session termination, enabling privilege inheritance by attackers possessing the cookie. CVSS 3.1 score of 8.0 (HIGH) assigned with adjacent network attack vector. No known exploitation in the wild or KEV listing as of advisory publication.
Official resources
- CVE-2024-39275 CVE record (CVE.org)
- CVE-2024-39275 NVD detail (NVD)
- Source item: cisa_csaf
2024-09-26