CVE-2023-6221

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*

History

08 Feb 2024, 16:01

Type Values Removed Values Added
First Time Machinesense
Machinesense feverwarn Firmware
Machinesense feverwarn
CVSS v2 : unknown
v3 : 7.7
v2 : unknown
v3 : 6.5
Summary
  • (es) El proveedor de nube que MachineSense utiliza para la integración y la implementación de múltiples dispositivos MachineSense, como el controlador lógico programable (PLC), PumpSense, PowerAnalyzer, FeverWarn y otros, no está suficientemente protegido contra el acceso no autorizado. Un atacante con acceso a los procedimientos internos podría ver el código fuente, credenciales secretas y más.
References () https://machinesense.com/pages/about-machinesense - () https://machinesense.com/pages/about-machinesense - Product
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01 - Third Party Advisory, US Government Resource
CPE cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*

01 Feb 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-01 23:15

Updated : 2024-05-17 02:33


NVD link : CVE-2023-6221

Mitre link : CVE-2023-6221

CVE.ORG link : CVE-2023-6221


JSON object : View

Products Affected

machinesense

  • feverwarn
  • feverwarn_firmware
CWE
CWE-306

Missing Authentication for Critical Function