CVE-2023-49610

MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://machinesense.com/pages/about-machinesense	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*

History

08 Feb 2024, 15:50

Type	Values Removed	Values Added
First Time		Machinesense Machinesense feverwarn Firmware Machinesense feverwarn
CPE		cpe:2.3:o:machinesense:feverwarn_firmware:-:::::::* cpe:2.3:h:machinesense:feverwarn:-:::::::*
References	~~() https://machinesense.com/pages/about-machinesense -~~	() https://machinesense.com/pages/about-machinesense - Product
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01 - Third Party Advisory, US Government Resource
CWE		NVD-CWE-noinfo
Summary		(es) Los dispositivos basados en MachineSense FeverWarn Raspberry Pi carecen de sanitización de entrada, lo que podría permitir que un atacante en una red adyacente envíe un mensaje ejecutando comandos o podría desbordar la pila.

01 Feb 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-01 23:15

Updated : 2024-04-11 01:22

NVD link : CVE-2023-49610

Mitre link : CVE-2023-49610

CVE.ORG link : CVE-2023-49610

JSON object : View

Products Affected

machinesense

feverwarn_firmware
feverwarn

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2023-49610", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-02-01T23:15:10.003", "references": [{"url": "https://machinesense.com/pages/about-machinesense", "tags": ["Product"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\nMachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.\n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Los dispositivos basados en MachineSense FeverWarn Raspberry Pi carecen de sanitizaci\u00f3n de entrada, lo que podr\u00eda permitir que un atacante en una red adyacente env\u00ede un mensaje ejecutando comandos o podr\u00eda desbordar la pila."}], "lastModified": "2024-04-11T01:22:17.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}