PT-2024-1434 · Unknown · Feverwarn Esp32+3

Vera Mens · Published 2024-01-25 · Updated 2024-08-02 · CVE-2023-6221

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MachineSense (affected versions not specified)
FeverWarn ESP32 (affected versions not specified)
FeverWarn RaspberryPi (affected versions not specified)
FeverWarn DataHub RaspberryPi (affected versions not specified)

Description

The cloud provider used by MachineSense for integration and deployment of multiple devices is insufficiently protected against unauthorized access. An attacker with access to internal procedures could view source code, secret credentials, and more. The vulnerability in the MachineSense firmware components, including FeverWarn ESP32, FeverWarn RaspberryPi, and FeverWarn DataHub RaspberryPi, stems from a missing authentication procedure for a critical function, which allows a remote attacker to gain unauthorized access to protected information.

Recommendations

For MachineSense, consider restricting access to internal procedures until a proper authentication mechanism is implemented. For FeverWarn ESP32, FeverWarn RaspberryPi, and FeverWarn DataHub RaspberryPi, implement an authentication procedure for the critical function to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authentication

Related Identifiers

BDU:2024-00909
CVE-2023-6221

Affected Products

Feverwarn Datahub Raspberrypi
Feverwarn Esp32
Feverwarn Raspberrypi
Machinesense