PT-2024-1432 · Unknown · Feverwarn Esp32+3

Vera Mens · Published 2024-01-25 · Updated 2024-08-02 · CVE-2023-46706

CVSS v3.1: 9.4 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

MachineSense devices (affected versions not specified)
FeverWarn ESP32 (affected versions not specified)
FeverWarn RaspberryPi (affected versions not specified)
FeverWarn DataHub RaspberryPi (affected versions not specified)

Description

The issue is the absence of an authentication procedure for a critical function in the firmware of FeverWarn systems, which allows a remote attacker to gain unauthorized access to protected information, execute arbitrary code, and gain full control over the device. Additionally, multiple MachineSense devices have credentials that cannot be changed by the user or administrator.

Recommendations

For MachineSense devices, consider restricting access to critical functions until a fix is available. For FeverWarn ESP32, FeverWarn RaspberryPi, and FeverWarn DataHub RaspberryPi, disable critical functions that lack authentication procedures as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2024-00907
CVE-2023-46706

Affected Products

Feverwarn Datahub Raspberrypi
Feverwarn Esp32
Feverwarn Raspberrypi
Machinesense