CVE-2024-39364

low-risk

Published 2024-09-27

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

ADJACENT_NETWORK / LOW complexity

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal