| |
Vulnerability CVE-2024-39364
Published: 2024-09-27
Description: |
Advantech ADAM-5630
has built-in commands that can be executed without authenticating the
user. These commands allow for restarting the operating system,
rebooting the hardware, and stopping the execution. The commands can be
sent to a simple HTTP request and are executed by the device
automatically, without discrimination of origin or level of privileges
of the user sending the commands. |
Type:
CWE-306 (Missing Authentication for Critical Function)
References: |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02
|
|
|
Copyright 2024, cxsecurity.com
|
|
|