CVE-2024-45493
CRITICALMSA FieldServer Gateway <6.5.2 - Privilege Escalation
Title source: llmDescription
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password).
References (2)
Core 2
Core References
Various Sources
https://us.msasafety.com/fieldserver
Various Sources
https://us.msasafety.com/security-notices
Scores
CVSS v3
9.8
EPSS
0.0044
EPSS Percentile
35.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-862
Status
published
Published
Dec 10, 2024
Tracked Since
Feb 18, 2026