Weak Authentication Flaw in MSA FieldServer Gateway
CVE-2024-45494

Currently unrated

Key Information:

Vendor: MSA Safety
Status: FieldServer Gateway
Vendor: CVE Published:; 10 December 2024

What is CVE-2024-45494?

The MSA FieldServer Gateway versions 5.0.0 to 6.5.2 possess a security flaw due to a weak authentication mechanism implemented through a globally shared administrative user account. This account uses a static shared secret across all affected firmware versions, making it vulnerable to exploitation. An attacker with knowledge of this secret can gain unauthorized access, potentially compromising device controls and sensitive data.

References

https://us.msasafety.com/fieldserver

https://us.msasafety.com/security-notices

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2024

MSA Safety

What is CVE-2024-45494?

References

Timeline