PatchSiren cyber security CVE debrief
CVE-2024-39364 Advantech CVE debrief
Advantech ADAM-5630 devices contain built-in commands that execute without authentication, allowing unprivileged network attackers to restart the operating system, reboot hardware, or stop execution via simple HTTP requests. The vulnerability stems from missing authentication and authorization checks on administrative command endpoints, with no origin validation or privilege discrimination. CISA published advisory ICSA-24-270-02 on September 26, 2024, with a CVSS 3.1 score of 6.3 (Medium). The attack vector is adjacent network; exploitation has low attack complexity, requires no privileges, and requires user interaction. Versions prior to 2.5.2 are affected, and Advantech has released firmware version 2.5.2 to address the issue. No known exploitation in ransomware campaigns has been reported.
- Vendor: Advantech
- Product: ADAM-5630
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-26
- Original CVE updated: 2024-09-26
- Advisory published: 2024-09-26
- Advisory updated: 2024-09-26
Who should care
Organizations operating Advantech ADAM-5630 devices in industrial control system or OT environments, particularly those in manufacturing, energy, water/wastewater, and critical infrastructure sectors where device availability impacts operational technology processes.
Technical summary
The Advantech ADAM-5630 industrial communication gateway exposes built-in administrative commands through HTTP endpoints without requiring authentication. Attackers on adjacent networks can send crafted HTTP requests to trigger operating system restarts, hardware reboots, or execution halts. The vulnerability exists due to absent authentication and authorization mechanisms on command endpoints, with no validation of request origin or user privilege level. This represents a significant availability risk for industrial control system deployments where continuous operation is critical.
Defensive priority
medium
Recommended defensive actions
- Upgrade Advantech ADAM-5630 devices to firmware version 2.5.2 or later
- Restrict network access to ADAM-5630 management interfaces to authorized administrative hosts only
- Segment OT networks containing ADAM-5630 devices from enterprise and internet-facing networks
- Monitor for unauthorized HTTP requests to device command endpoints
- Apply defense-in-depth controls per CISA ICS recommended practices
Evidence notes
CISA CSAF advisory ICSA-24-270-02 confirms unauthenticated HTTP-accessible built-in commands for OS restart, hardware reboot, and execution stop on ADAM-5630 devices. CVSS 3.1 vector AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H yields 6.3 Medium severity. Affected product identified as Advantech ADAM-5630 versions below 2.5.2. Remediation guidance specifies upgrade to firmware version 2.5.2.
Official resources
- CVE-2024-39364 CVE record (CVE.org)
- CVE-2024-39364 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-09-26