OTPulse

Advantech ADAM-3600

Act Now · 9.8 · ICS-CERT ICSA-22-032-02 · Feb 1, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech ADAM-3600 versions 2.6.2 and earlier contain a hardcoded cryptographic key (CWE-321) in the SSL/TLS implementation. An attacker with network access can intercept and decrypt HTTPS traffic using the hardcoded key, then use the decrypted credentials to gain unauthorized access to the device's web interface and perform administrative actions.

What this means
What could happen
An attacker could decrypt the ADAM-3600's web management traffic and gain login credentials, allowing unauthorized access to device configuration and control functions in transportation or logistics systems. This could enable tampering with sensor data, system parameters, or operational commands.
Who's at risk
Transportation and logistics operators using Advantech ADAM-3600 remote terminal units (RTUs) or data acquisition modules for telemetry, sensor monitoring, or process control. This includes any organization relying on these devices for real-time data collection or control in field locations (rail yards, truck facilities, fuel stations, etc.) where network isolation may be limited.
How it could be exploited
An attacker on the network (or between the user and the device if not on a direct LAN) intercepts HTTPS traffic to the ADAM-3600 web server. Using the hardcoded SSL private key present in the firmware, the attacker decrypts the traffic to extract login credentials and session tokens. The attacker then connects directly to the web interface and logs in with the captured credentials to modify device settings or commands.
Prerequisites
  • Network-level access to the ADAM-3600 device or the path between user and device (e.g., shared LAN, compromised network segment, or man-in-the-middle position)
  • Ability to capture HTTPS traffic to the device
  • No additional credentials or authentication required; the hardcoded key is embedded in all devices
remotely exploitable · no authentication required · low complexity · hardcoded credentials · no patch available · affects transportation/logistics systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product      Affected Versions    Fix Status
ADAM-3600    ≤ 2.6.2              No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Generate a new SSL private key and replace the hardcoded key in the ADAM-3600 firmware or configuration. Document the new key and ensure it is backed up securely.
HARDENING: Isolate ADAM-3600 devices on a separate network segment (VLAN or physical network) not directly reachable from office networks or the Internet.
HARDENING: Deploy a firewall rule to restrict access to the ADAM-3600 web interface (port 443 or configured HTTPS port) to only authorized management workstations or jump hosts.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to the ADAM-3600 for anomalous HTTPS connections or credential attempts using intrusion detection or packet inspection.
HOTFIX: Contact Advantech technical support for guidance on implementing the custom SSL key and for updates on a permanent firmware fix.
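
One way to check that the key-replacement workaround above has actually been applied across a fleet, as an added example that is not part of the advisory or any Advantech tooling. It assumes units still on the factory key all serve the same certificate; the addresses, the sample byte strings and the optional factory_fp value (a fingerprint you record yourself from a known unmodified unit) are hypothetical.

```python
import hashlib
import socket
import ssl
from collections import defaultdict
from typing import Dict, Optional

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate the device presents."""
    return hashlib.sha256(der).hexdigest()

def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Read the certificate a device serves. Chain validation is off because
    the certificate is only fingerprinted here, never trusted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def audit(certs: Dict[str, bytes], factory_fp: Optional[str] = None) -> dict:
    """certs maps host -> DER certificate. A fingerprint served by more than
    one host, or equal to factory_fp, means the key was not made unique."""
    by_fp = defaultdict(list)
    for host, der in certs.items():
        by_fp[fingerprint(der)].append(host)
    shared = {fp: sorted(h) for fp, h in by_fp.items() if len(h) > 1}
    factory = sorted(by_fp.get(factory_fp, [])) if factory_fp else []
    flagged = sorted({h for hs in shared.values() for h in hs} | set(factory))
    return {"shared": shared, "factory": factory, "flagged": flagged}

# Constructed sample: byte strings standing in for collected DER certificates.
# The addresses are placeholders, not real devices.
SAMPLE = {
    "10.0.10.11": b"constructed-factory-cert",
    "10.0.10.12": b"constructed-factory-cert",
    "10.0.10.13": b"constructed-replaced-cert-A",
    "10.0.10.14": b"constructed-factory-cert",
}

if __name__ == "__main__":
    # For a live inventory, build the mapping with fetch_der() per device.
    report = audit(SAMPLE)
    for host in report["flagged"]:
        print(f"{host}: certificate not unique, key replacement still pending")
```

A certificate reissued over the same key pair gets a new fingerprint, so a clean result here should be backed by confirmation that the private key itself was regenerated.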