CVE-2024-39364

Name of the Vulnerable Software and Affected Versions Advantech ADAM-5630 (affected versions not specified)

Description The issue is related to the lack of authentication for a critical function in the Advantech ADAM-5630 programmable logic controller (PLC). This allows a remote attacker to execute arbitrary commands, potentially leading to a denial of service. The device has built-in commands that can be executed without user authentication, including restarting the operating system, rebooting the hardware, and stopping execution. These commands can be sent via a simple HTTP request and are executed automatically without discriminating the origin or privileges of the user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.