Auth bypass in Machinesense Feverwarn
CVE-2023-6221
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against un…
Vulnerability class: Broken Authentication
EPSS: 0.006 (43.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.
Affected products
- Machinesense Feverwarn — versions ESP32, RaspberryPi, DataHub RaspberryPi
- Machinesense Feverwarn_firmware
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory)
- ics-cert@hq.dhs.gov (Product)
Frequently asked questions
- What is CVE-2023-6221?
- CVE-2023-6221 is a high-severity vulnerability in Machinesense Feverwarn, classified under Missing Authentication for Critical Function. CVSS score: 7.7/10. Published 2024-02-01.
- How severe is CVE-2023-6221?
- High severity. CVSS v3 base score is 7.7 out of 10.