Advantech ADAM-5550

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-24-270-01 | Sep 26, 2024
Advantech
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech ADAM-5550 contains credential interception and web-based code injection vulnerabilities. Attackers who gain network access to the device can capture easily decodable credentials to obtain full administrative access and inject malicious code into the device's web interface. The product is being phased out and no patch will be released.

What this means
What could happen
An attacker with network access to the ADAM-5550 can steal administrative credentials and gain full control of the device, potentially altering device configuration, disabling monitoring, or injecting malicious commands. This could disrupt remote telemetry, data acquisition, or process control functions depending on how the device is deployed.
Who's at risk
Water utilities, municipalities, and manufacturing facilities using the Advantech ADAM-5550 industrial data acquisition and monitoring module are affected. This device is commonly deployed for remote temperature, humidity, analog input/output monitoring, and SCADA integration in utility substations, water treatment plants, and process control environments.
How it could be exploited
An attacker on the same local network or with routed network access to the device intercepts unencrypted or weakly encrypted credentials transmitted by legitimate users. The attacker then logs in with stolen credentials and injects malicious code into the web interface, which is executed when other users access the web page.
Prerequisites
  • Network access to the ADAM-5550 device (local network or routed path)
  • Ability to observe or intercept network traffic to capture credentials
  • Knowledge of credential transmission mechanism
Tags: no patch available, end-of-life product, weak credential protection, local network exposure risk, affects monitoring and telemetry systems
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Advantech ADAM 5550: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the ADAM-5550 using firewall rules to limit connectivity to only authorized engineering workstations and control system networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Migrate from ADAM-5550 to ADAM-5630 firmware version 2.5.2 or higher, as the product is being phased out
Mitigations - no patch available
Advantech ADAM 5550: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate the ADAM-5550 and all connected legacy devices from the business network using a dedicated control system network segment
HARDENING: If remote access is required, implement a VPN tunnel to the control system network rather than allowing direct internet exposure of the device
HARDENING: Monitor network traffic to and from the ADAM-5550 for suspicious credential transmission or unauthorized configuration changes
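
The access-restriction and traffic-monitoring controls above can be checked against exported flow records. The following is an added example, not part of the advisory or any Advantech tooling: it flags connections to the device from sources outside an allowlist and connections the device itself opens to unexpected destinations. The device address, allowlist, ports and flow records are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# All addresses are constructed placeholders from the RFC 5737 documentation ranges.
DEVICE = ip_address("192.0.2.50")                # assumed ADAM-5550 address
ALLOWED_PEERS = [
    ip_network("192.0.2.10/32"),                 # assumed engineering workstation
    ip_network("192.0.2.16/28"),                 # assumed control system segment
]

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2024-09-26T08:00:01Z,192.0.2.10,192.0.2.50,80
2024-09-26T08:03:12Z,192.0.2.17,192.0.2.50,502
2024-09-26T08:05:40Z,198.51.100.23,192.0.2.50,80
2024-09-26T08:06:02Z,192.0.2.50,203.0.113.9,443
2024-09-26T08:07:15Z,192.0.2.10,192.0.2.99,22
"""


def is_allowed(addr):
    """True if addr belongs to an authorized workstation or control segment."""
    return any(addr in net for net in ALLOWED_PEERS)


def audit_flows(text):
    """Return (timestamp, finding, peer, port) for each flow that violates the allowlist."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, src, dst, dport = row
        src, dst = ip_address(src), ip_address(dst)
        if dst == DEVICE and not is_allowed(src):
            # Someone outside the authorized set reached the device.
            findings.append((ts, "unauthorized-inbound", str(src), int(dport)))
        elif src == DEVICE and not is_allowed(dst):
            # The device opened a connection outside the control segment.
            findings.append((ts, "unexpected-outbound", str(dst), int(dport)))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Any inbound finding means the firewall restriction is not fully in place; an outbound finding suggests the device is not isolated to the control system segment.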