GSD-2023-47867
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
** UNSUPPPORTED WHEN ASSIGNED **
MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-47867",
"id": "GSD-2023-47867"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-47867"
],
"details": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device\u0027s web services and compromise the device.\n\n\n\n\n\n\n\n\n\n",
"id": "GSD-2023-47867",
"modified": "2023-12-13T01:20:51.343911Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2023-47867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FeverWarn",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "ESP32"
},
{
"version_affected": "=",
"version_value": "RaspberryPi"
},
{
"version_affected": "=",
"version_value": "DataHub RaspberryPi"
}
]
}
}
]
},
"vendor_name": "MachineSense"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Vera Mens of Claroty Research reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device\u0027s web services and compromise the device.\n\n\n\n\n\n\n\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-284",
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01"
},
{
"name": "https://machinesense.com/pages/about-machinesense",
"refsource": "MISC",
"url": "https://machinesense.com/pages/about-machinesense"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://machinesense.com/pages/about-machinesense\"\u003econtact MachineSense\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for additional information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nFeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense https://machinesense.com/pages/about-machinesense \u00a0for additional information.\n\n\n"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device\u0027s web services and compromise the device.\n\n\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Los dispositivos MachineSense FeverWarn est\u00e1n configurados como hosts Wi-Fi de manera que los atacantes dentro del alcance puedan conectarse a los servicios web del dispositivo y comprometerlo."
}
],
"id": "CVE-2023-47867",
"lastModified": "2024-04-11T01:22:08.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-02-01T23:15:09.567",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://machinesense.com/pages/about-machinesense"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…