Details of VAR-200901-0055

ID

VAR-200901-0055

CVE

CVE-2008-5848

TITLE

advantech adam-6066 Module Trust Management Vulnerability

Trust: 0.8

sources: IVD: d26831ac-23cc-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200901-037

DESCRIPTION

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. Adam-6050W is prone to a remote security vulnerability. advantech adam is an Advantech industrial ADAM module

Trust: 2.16

sources: NVD: CVE-2008-5848 // JVNDB: JVNDB-2009-002745 // BID: 84653 // IVD: d26831ac-23cc-11e6-abef-000c29c66e3d // VULHUB: VHN-35973

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: d26831ac-23cc-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	advantech	model:	adam-6066	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6060w	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6060	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6022	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6018	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6050	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6051	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6051w	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6024	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6017	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6015	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6501	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6052	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam-6050w	scope:	eq	version:	*	Trust: 1.0
vendor:	advantech	model:	adam	scope:	eq	version:	6000	Trust: 0.8
vendor:	advantech	model:	adam-6060	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6024	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6050	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6051	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6066	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6052	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6051w	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6060w	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6022	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6050w	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	adam-6501	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6066	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6060w	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6060	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6052	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6051w	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6051	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6050w	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6050	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6024	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6022	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6018	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6017	scope:	eq	version:	0	Trust: 0.3
vendor:	advantech	model:	adam-6015	scope:	eq	version:	0	Trust: 0.3
vendor:	adam 6015	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6017	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6018	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6022	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6024	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6050	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6050w	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6051	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6051w	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6052	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6060	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6060w	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6066	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	adam 6501	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: d26831ac-23cc-11e6-abef-000c29c66e3d // BID: 84653 // JVNDB: JVNDB-2009-002745 // CNNVD: CNNVD-200901-037 // NVD: CVE-2008-5848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-5848
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-5848
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200901-037
value:	CRITICAL
Trust: 0.6
IVD:	d26831ac-23cc-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-35973
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-5848
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	d26831ac-23cc-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-35973
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: d26831ac-23cc-11e6-abef-000c29c66e3d // VULHUB: VHN-35973 // JVNDB: JVNDB-2009-002745 // CNNVD: CNNVD-200901-037 // NVD: CVE-2008-5848

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-35973 // JVNDB: JVNDB-2009-002745 // NVD: CVE-2008-5848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200901-037

TYPE

Trust management

Trust: 0.8

sources: IVD: d26831ac-23cc-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200901-037

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002745

PATCH

title:

1-15392120

url:

http://support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-95WMW

Trust: 0.8

sources: JVNDB: JVNDB-2009-002745

EXTERNAL IDS

db:	NVD	id:	CVE-2008-5848	Trust: 3.0
db:	CNNVD	id:	CNNVD-200901-037	Trust: 0.9
db:	JVNDB	id:	JVNDB-2009-002745	Trust: 0.8
db:	BID	id:	84653	Trust: 0.4
db:	IVD	id:	D26831AC-23CC-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-35973	Trust: 0.1

sources: IVD: d26831ac-23cc-11e6-abef-000c29c66e3d // VULHUB: VHN-35973 // BID: 84653 // JVNDB: JVNDB-2009-002745 // CNNVD: CNNVD-200901-037 // NVD: CVE-2008-5848

REFERENCES

url:	http://support.advantech.com.tw/support/downloadsrdetail.aspx?sr_id=1-95wmw	Trust: 2.0
url:	http://ruxcon.org.au/files/2008/sift-ruxcon2008-scada-hacking-modbus-enabled-devices.pdf	Trust: 2.0
url:	http://www.ruxcon.org.au/presentations.shtml#13	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5848	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5848	Trust: 0.8

sources: VULHUB: VHN-35973 // BID: 84653 // JVNDB: JVNDB-2009-002745 // CNNVD: CNNVD-200901-037 // NVD: CVE-2008-5848

CREDITS

Unknown

Trust: 0.3

sources: BID: 84653

SOURCES

db:	IVD	id:	d26831ac-23cc-11e6-abef-000c29c66e3d
db:	VULHUB	id:	VHN-35973
db:	BID	id:	84653
db:	JVNDB	id:	JVNDB-2009-002745
db:	CNNVD	id:	CNNVD-200901-037
db:	NVD	id:	CVE-2008-5848

LAST UPDATE DATE

2025-04-10T23:15:39.819000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-35973	date:	2009-05-20T00:00:00
db:	BID	id:	84653	date:	2009-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-002745	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200901-037	date:	2009-05-20T00:00:00
db:	NVD	id:	CVE-2008-5848	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	IVD	id:	d26831ac-23cc-11e6-abef-000c29c66e3d	date:	2009-01-06T00:00:00
db:	VULHUB	id:	VHN-35973	date:	2009-01-06T00:00:00
db:	BID	id:	84653	date:	2009-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-002745	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200901-037	date:	2009-01-06T00:00:00
db:	NVD	id:	CVE-2008-5848	date:	2009-01-06T17:30:00.267