
{
"id": "CVE-2024-45494",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-10T17:15:10.197",
"lastModified": "2024-12-11T15:15:09.750",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los m\u00f3dulos integrados y las puertas de enlace FieldServer de MSA Safety con revisiones de compilaci\u00f3n anteriores a la 7.0.0. El m\u00f3dulo de puerta de enlace FieldServer tiene una cuenta de usuario administrativa compartida que se utiliza internamente en todos los dispositivos. La autenticaci\u00f3n para este usuario se implementa a trav\u00e9s de un secreto compartido no seguro que es est\u00e1tico en todas las versiones de firmware afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://us.msasafety.com/fieldserver",
"source": "cve@mitre.org"
},
{
"url": "https://us.msasafety.com/security-notices",
"source": "cve@mitre.org"
}
]
}