CVE-2024-39364

Advantech ADAM-5630 
has built-in commands that can be executed without authenticating the 
user. These commands allow for restarting the operating system, 
rebooting the hardware, and stopping the execution. The commands can be 
sent to a simple HTTP request and are executed by the device 
automatically, without discrimination of origin or level of privileges 
of the user sending the commands.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
icscertCNA
6.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02