CVE-2024-38308

Summary

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.

Affected Software

VendorProductVersion RangeStatus
AdvantechADAM 5550all versionsaffected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References