Technical Bulletin 24-14: Security Advisory - FieldServer Gateway

Important information regarding FieldServer Gateways and Embedded Modules

Security Advisory - FieldServer Gateway

TB: 24-14
Date: Tuesday, December 24, 2024
Product Lines Affected: FieldServer Gateways and Embedded Modules with build dates from September 2020 to June 2024, or build revisions 5.0.0 to 6.5.2, excluding models FPC-AD2-XXXX and FPC-E03-XXXX

MSA has discovered vulnerabilities impacting multiple versions of FieldServer firmware. This security advisory details 3 CVEs and user recommendations. MSA has not received any reports of unauthorized access associated with these vulnerabilities, however it is recommended to follow the actions in this notice.

AFFECTED PART NUMBERS

USER RECOMMENDATIONS

MSA has released an update for the affected FieldServer Gateways that addresses the above-mentioned CVEs. MSA recommends updating your device to the latest firmware version by following the steps below:

Identify the Build Date, Build Revision, and Model Number of your device to determine if it is affected.
Go to https://us.msasafety.com/downloads and enter your model number in the “Firmware Images” section under the “FieldServer” heading, (ex: FPC-N54-1234)
Download and install the firmware update to your device.

Note: For a detailed, step-by-step procedure, please see Appendix: Detailed User Instructions.

For any questions regarding this notification, contact MSA as shown below:

This notice is for informational purposes only
The urgency and severity ratings of this notification are not tailored to individual users and may vary based upon the specifics of your product configuration.
Users are responsible for assessing the impact of any actual or potential security vulnerability.
MSA reviewed this notice prior to publication; however, use of the information in this document or related materials is at your own risk.
MSA reserves the right to change or update this document at any time and without notice.
MSA provides the CVSS scores and other information herein “as is” without warranty of any kind.
MSA disclaims the implied warranties of merchantability, noninfringement, and fitness for a purpose and makes no express warranties except as may be stated in a written agreement with and for its customers.
In no event is MSA responsible for any cost, expense, or other damages of any kind, however arising, related to or arising from anything provided for or described in this notice, and in no event will MSA be liable for any direct, indirect, special, or consequential damages.

APPENDIX: DETAILED USER INSTRUCTIONS

Identifying Model Number, Build Revision, and Build Date

Locate the Model Number of your unit on the product label, (ex: FPC-N54-1234)
Connect a PC to the Ethernet port of the FieldServer Gateway.
1. Refer to Section 5 of the Start-Up Guide for additional instructions on setting up your PC.
Open a web browser and go to the FieldServer GUI by typing the unit’s IP address in the address bar.
1. Default IP address of the unit is printed on the product label.
  1. ProtoNode Gateway: http://192.168.1.24/htm/fsgui.htm
  2. System Integrator: http://192.168.2.101/htm/fsqui.htm
2. If the IP address has been updated, use the FieldServer toolbox to view the IP address.
  1. fieldServer toolbox is also available in the “Download” section under the “FieldServer” heading.
Click on “About” in the Navigation Tree on the left.
Review “Firmware” tab on the right. An update is required for Build Revisions or Build Dates shown below:
1. Build Revisions 5.0.0 to 6.5.2.
2. Build Dates September 2020 to June 2024.
3. If your product is outside of this range, no further action is needed.
4. If your product is within this range, proceed to next section.

Download and Installation of Firmware Update

Go to https://us.msasafety.com/downloads and scroll to the “FieldServer” heading.
Enter your model number in the “Firmware Images” section under the “FieldServer” heading.
Save the file displayed to your PC.
Open a web browser and type the IP address of the FieldServer in the address bar.
Click “Setup”, then click “File Transfer” in the Navigation Tree on the left-hand side.
Click on the “Firmware” tab.
Click “Browse” and select the firmware file that you downloaded.
Click “Submit”.
Click “System Restart” when the download is complete.
Confirm that the firmware uploaded appropriately by checking that the build revision is 7.0.0 or higher in the “Status” tab on the FieldServer GUI.

If you have questions, please contact the Technical Product Manager undersigned.

Sincerely,

Christina McKercher
Technical Product Manager
Office: +1 613 714 6534
Christina.Mckercher@condair.com

Manage your preferences | Opt Out using TrueRemove™
Got this as a forward? Sign up to receive our future emails.
View this email online.

2740 Fenton Road | Ottawa, ON K1T3T7 CA

This email was sent to .
To continue receiving our emails, add us to your address book.

Subscribe to our email list.