CVE-2024-39275

Summary

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user.

Affected Software

VendorProductVersion RangeStatus
AdvantechADAM-56300 < v2.5.2affected

Weaknesses

  • CWE-539: CWE-539

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References