{ "id": "CVE-2024-45494", "sourceIdentifier": "cve@mitre.org", "published": "2024-12-10T17:15:10.197", "lastModified": "2024-12-17T19:15:06.497", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los m\u00f3dulos integrados y las puertas de enlace FieldServer de MSA Safety con revisiones de compilaci\u00f3n anteriores a la 7.0.0. El m\u00f3dulo de puerta de enlace FieldServer tiene una cuenta de usuario administrativa compartida que se utiliza internamente en todos los dispositivos. La autenticaci\u00f3n para este usuario se implementa a trav\u00e9s de un secreto compartido no seguro que es est\u00e1tico en todas las versiones de firmware afectadas." } ], "metrics": { "cvssMetricV31": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-276" } ] } ], "references": [ { "url": "https://us.msasafety.com/fieldserver", "source": "cve@mitre.org" }, { "url": "https://us.msasafety.com/security-notices", "source": "cve@mitre.org" } ] }