CVE-2023-6221

Summary

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.

Affected Software

VendorProductVersion RangeStatus
MachineSenseFeverWarnESP32affected
MachineSenseFeverWarnRaspberryPiaffected
MachineSenseFeverWarnDataHub RaspberryPiaffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

FeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense https://machinesense.com/pages/about-machinesense  for additional information.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References