Advantech ADAM 5550's web application includes a "logs" page where all
the HTTP requests received are displayed to the user. The device doesn't
correctly neutralize malicious code when parsing HTTP requests to
generate page output.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Oct 2024, 15:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:h:advantech:adam-5550:-:*:*:*:*:*:*:* cpe:2.3:o:advantech:adam_5550-firmware:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Advantech adam-5550
Advantech Advantech adam 5550-firmware |
30 Sep 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
27 Sep 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-27 18:15
Updated : 2024-10-07 15:24
NVD link : CVE-2024-38308
Mitre link : CVE-2024-38308
CVE.ORG link : CVE-2024-38308
JSON object : View
Products Affected
advantech
- adam_5550-firmware
- adam-5550
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')