CVE-2024-45494

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

n issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.

References

Link	Resource
https://us.msasafety.com/fieldserver
https://us.msasafety.com/security-notices

Configurations

No configuration.

History

17 Dec 2024, 19:15

Type	Values Removed	Values Added
Summary	(en) An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.	(en) An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.

11 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-10 17:15

Updated : 2024-12-17 19:15

NVD link : CVE-2024-45494

Mitre link : CVE-2024-45494

CVE.ORG link : CVE-2024-45494

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

9.8 /10