CVE-2023-6221

Published: Feb 1, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.

Affected (1)

Products: Machinesense: Feverwarn Firmware

1 product

Feverwarn Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Machinesense Feverwarn Firmware	All versions

Running on/with	Platform Versions
Machinesense Feverwarn	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://machinesense.com/pages/about-machinesense

Source: ics-cert@hq.dhs.gov

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://machinesense.com/pages/about-machinesense

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.