← back
CVE-2024-45494

CVE-2024-45494

CVSS 9.8 CRITICALEPSS 0.5%CWE-276
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://us.msasafety.com/fieldserverhttps://us.msasafety.com/security-notices