VAR-202409-1536
Vulnerability from variot - Updated: 2024-10-09 22:37Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output. Advantech Co., Ltd. adam 5550-firmware Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Advantech ADAM-5550 is a programmable automation controller from Advantech, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202409-1536",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adam 5550-",
"scope": "eq",
"trust": 1.0,
"vendor": "advantech",
"version": null
},
{
"model": "adam 5550-",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "adam 5550-",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "adam-5550",
"scope": null,
"trust": 0.6,
"vendor": "advantech",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"cve": "CVE-2024-38308",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2024-39679",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-38308",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-38308",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-38308",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-38308",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-38308",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-38308",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-39679",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"db": "NVD",
"id": "CVE-2024-38308"
},
{
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech ADAM 5550\u0027s web application includes a \"logs\" page where all \nthe HTTP requests received are displayed to the user. The device doesn\u0027t\n correctly neutralize malicious code when parsing HTTP requests to \ngenerate page output. Advantech Co., Ltd. adam 5550-firmware Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Advantech ADAM-5550 is a programmable automation controller from Advantech, a Chinese company. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-38308"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"db": "CNVD",
"id": "CNVD-2024-39679"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-38308",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-270-01",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU91291521",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009877",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-39679",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"id": "VAR-202409-1536",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
}
]
},
"last_update_date": "2024-10-09T22:37:37.236000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Advantech ADAM-5550 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/598306"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91291521/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38308"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-39679"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-39679"
},
{
"date": "2024-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"date": "2024-09-27T18:15:04.933000",
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-39679"
},
{
"date": "2024-10-08T00:53:00",
"db": "JVNDB",
"id": "JVNDB-2024-009877"
},
{
"date": "2024-10-07T15:24:34.517000",
"db": "NVD",
"id": "CVE-2024-38308"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech Co., Ltd. \u00a0adam\u00a05550-firmware\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009877"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…