CVE-2023-49115
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MachineSense | FeverWarn | ESP32 | affected |
| MachineSense | FeverWarn | RaspberryPi | affected |
| MachineSense | FeverWarn | DataHub RaspberryPi | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
FeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense https://machinesense.com/pages/about-machinesense for additional information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01
- https://machinesense.com/pages/about-machinesense
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01
- https://machinesense.com/pages/about-machinesense
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.