Advantech ADAM 5630

Plan Patch
CVSS 8
ICS-CERT ICSA-24-270-02
Sep 26, 2024
Advantech
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

The Advantech ADAM-5630 remote terminal unit contains vulnerabilities in session management and cross-site request forgery (CSRF) protections that allow an attacker with network access to hijack authenticated user sessions. These vulnerabilities affect ADAM-5630 devices running firmware versions below 2.5.2. Successful exploitation could allow an attacker to perform unauthorized actions on the device or cause denial-of-service conditions affecting monitoring and control functions.

What this means
What could happen
An attacker with network access to the ADAM-5630 could hijack a legitimate user's session or perform unauthorized actions on the device via cross-site request forgery, potentially disrupting monitoring and control functions for connected equipment.
Who's at risk
This affects operators of Advantech ADAM-5630 remote terminal units (RTUs) and other monitoring/data acquisition devices using this platform. Typical users include water treatment facilities, power distribution operators, and industrial facilities using ADAM-5630 for sensor data collection and equipment control.
How it could be exploited
An attacker must be on the same network segment as the ADAM-5630 and trick a logged-in user into clicking a malicious link or visiting a crafted webpage. The attacker can then execute commands or access data as that user without their knowledge. The vulnerability requires user interaction but no prior authentication by the attacker.
Prerequisites
  • Network access to the ADAM-5630 on the same local network or connected network segment
  • A legitimate user must be logged into the device's web interface
  • User must click a malicious link or visit a crafted webpage while authenticated
Risk factors
  • Low complexity exploitation
  • Requires user interaction
  • Default or weak session management controls
  • Local network access required
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Advantech ADAM-5630: <v2.5.2 | <v2.5.2 | 2.5.2
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the ADAM-5630 to authorized engineering workstations and monitoring stations only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ADAM-5630 devices to firmware version 2.5.2 or later
Long-term hardening
HARDENING: Isolate the ADAM-5630 and all connected control devices from the business network using a separate industrial network segment
HARDENING: Use a VPN with multi-factor authentication if remote access to the ADAM-5630 is required
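
One way to track the workaround and the firmware fix across a fleet, as an added example that is not part of the advisory or any Advantech tooling: an audit over an asset inventory that flags ADAM-5630 units below 2.5.2 and units whose web interface is reachable from networks outside the authorized engineering range. The CSV columns, host names and address ranges are constructed assumptions.

```python
import csv
import io
import ipaddress

FIXED = (2, 5, 2)  # first fixed firmware version per the advisory

# Assumed: networks that hold authorized engineering/monitoring stations.
AUTHORIZED = [ipaddress.ip_network("10.20.30.0/28")]

# Constructed sample inventory export (column names are an assumption).
SAMPLE = """host,model,firmware,web_allowed_sources
rtu-01,ADAM-5630,v2.5.1,10.20.30.0/28
rtu-02,ADAM-5630,2.5.2,10.20.30.4/32
rtu-03,ADAM-5630,2.5.10,10.20.0.0/16
rtu-04,ADAM-5630,2.5,10.20.30.0/28;192.168.1.0/24
plc-07,OTHER-MODEL,1.0.0,0.0.0.0/0
"""

def parse_version(text):
    """'v2.5.1' -> (2, 5, 1); short versions are zero-padded: '2.5' -> (2, 5, 0)."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def overbroad_sources(field):
    """Return allowed source networks that are not inside an authorized network."""
    nets = [ipaddress.ip_network(s.strip()) for s in field.split(";") if s.strip()]
    return [str(n) for n in nets
            if not any(n.subnet_of(a) for a in AUTHORIZED)]

def audit(csv_text):
    """Map each ADAM-5630 host to its list of findings (empty list = clean)."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["model"] != "ADAM-5630":
            continue  # advisory covers only this product
        findings = []
        # Tuple comparison is numeric, so 2.5.10 is correctly newer than 2.5.2.
        if parse_version(row["firmware"]) < FIXED:
            findings.append("firmware below 2.5.2")
        for net in overbroad_sources(row["web_allowed_sources"]):
            findings.append(f"web UI reachable from {net}")
        report[row["host"]] = findings
    return report

if __name__ == "__main__":
    for host, findings in audit(SAMPLE).items():
        print(host, "->", findings or "ok")
```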