CVE-2024-39275
CVE-2024-39275 is a high-severity vulnerability in Advantech Adam-5630 Firmware with a CVSS 3.x base score of 8.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-539.
Key facts
- Severity: High (CVSS 3.x base score 8.0)
- CVSS v4: 8.5
- EPSS exploit prediction: 0% (31st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-37882
- Weakness: CWE-539
- Affected product: Advantech Adam-5630 Firmware
- Published:
- Last modified:
Description
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user.
Frequently asked questions
- What is CVE-2024-39275?
- Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user.
- How severe is CVE-2024-39275?
- CVE-2024-39275 has a CVSS 3.x base score of 8.0, rated high severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2024-39275 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (31st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-39275?
- CVE-2024-39275 affects Advantech Adam-5630 Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2024-39275?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2024-39275 have an EU (EUVD) identifier?
- Yes. CVE-2024-39275 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-37882.
- When was CVE-2024-39275 published?
- CVE-2024-39275 was published on 2024-09-27 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:advantech:adam-5630_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Advantech Adam-5630 Firmware
- CVE-2024-28948 — High (CVSS 8.0): Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly…
- CVE-2024-34542 — Medium (CVSS 5.7): Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login…
All CVEs affecting Advantech Adam-5630 Firmware →
Other CWE-539 vulnerabilities
- CVE-2025-27673 — Critical (CVSS 9.1): Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie…
- CVE-2023-30861 — High (CVSS 7.5): Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response…
- CVE-2026-35192 — Medium (CVSS 6.5): An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session…
- CVE-2021-27463 — Medium (CVSS 5.3): A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected…
- CVE-2026-24318 — Medium (CVSS 4.2): Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an…
- CVE-2025-52633 — Low (CVSS 3.1): HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing…