Description
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.
References (2)
Core 2
Core References
Various Sources
https://us.msasafety.com/fieldserver
Various Sources
https://us.msasafety.com/security-notices
Scores
CVSS v3
9.8
EPSS
0.0046
EPSS Percentile
36.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-276
Status
published
Published
Dec 10, 2024
Tracked Since
Feb 18, 2026