CVE-2024-38308

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.
References
Link: https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01
Resource: Third Party Advisory, US Government Resource
Configurations

Configuration 1

AND
cpe:2.3:o:advantech:adam_5550-firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:advantech:adam-5550:-:*:*:*:*:*:*:*

History

07 Oct 2024, 15:24

Type: References
Values Removed: () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 -
Values Added: () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 - Third Party Advisory, US Government Resource

Type: CPE
Values Added:
cpe:2.3:h:advantech:adam-5550:-:*:*:*:*:*:*:*
cpe:2.3:o:advantech:adam_5550-firmware:-:*:*:*:*:*:*:*

Type: CVSS
Values Removed: v2 : unknown, v3 : 8.8
Values Added: v2 : unknown, v3 : 6.1

Type: First Time
Values Added:
Advantech adam-5550
Advantech
Advantech adam 5550-firmware

30 Sep 2024, 12:45

Type: Summary
Values Added:
  • (es) Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.

27 Sep 2024, 18:15

Type: New CVE

Information

Published : 2024-09-27 18:15

Updated : 2024-10-07 15:24


NVD link : CVE-2024-38308

Mitre link : CVE-2024-38308

CVE.ORG link : CVE-2024-38308


Products Affected

advantech

  • adam_5550-firmware
  • adam-5550
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')