CVE-2024-45493 is a critical authentication bypass vulnerability affecting MSA FieldServer Gateway versions 5.0.0 through 6.5.2. The FieldServer Gateway includes internal user accounts intended to be restricted to local device login only, preventing remote network authentication. However, due to a flaw in the authentication mechanism, an attacker who knows the password of an internal user can bypass this local-only restriction and authenticate remotely over the network. This bypass effectively allows unauthorized remote access to the device with the privileges of the internal user account. The vulnerability is classified under CWE-862 (Missing Authorization), indicating a failure to properly enforce access control policies. The CVSS v3.1 base score is 9.8 (critical), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning the attack can be performed remotely without authentication or user interaction, and results in high impact on confidentiality, integrity, and availability. The vulnerability was reserved on 2024-08-30 and published on 2024-12-10. It is fixed in version 7.0.0 of the product. No public exploits have been reported yet, but the ease of exploitation and critical impact make this a significant threat to organizations using affected versions.

The vulnerability allows attackers to remotely authenticate as internal users, bypassing intended local-only login restrictions. This can lead to unauthorized access to sensitive device functions and data, potentially allowing attackers to manipulate device operations, exfiltrate information, or disrupt services. Given the critical CVSS score, the impact spans confidentiality, integrity, and availability, meaning attackers could fully compromise the affected FieldServer Gateway devices. These devices are often used in industrial control systems and building automation, so exploitation could have severe operational consequences, including safety risks and operational downtime. Organizations relying on these devices may face significant disruption, data breaches, and potential cascading effects on critical infrastructure.

1. Upgrade affected MSA FieldServer Gateway devices to version 7.0.0 or later, where the vulnerability is fixed. 2. Restrict network access to FieldServer Gateway devices by implementing strict firewall rules and network segmentation to limit exposure to trusted management networks only. 3. Enforce strong password policies for internal user accounts to reduce the risk of credential compromise. 4. Monitor network traffic and device logs for unusual authentication attempts or remote access patterns indicative of exploitation attempts. 5. If immediate upgrade is not possible, consider disabling or limiting internal user accounts or local login features where feasible. 6. Employ multi-factor authentication (MFA) if supported by the device or surrounding infrastructure to add an additional layer of security. 7. Conduct regular security audits and vulnerability assessments on industrial control system components to identify and remediate similar issues proactively.