Main Vulnerability Database Vulnerabilities #VU85830

#VU85830 Improper access control in MachineSense products - CVE-2023-47867

Published: January 26, 2024

Vulnerability identifier: #VU85830

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-47867

CWE-ID: CWE-284

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
FeverWarn ESP32
FeverWarn RaspberryPi
FeverWarn DataHub RaspberryPi

Software vendor:
MachineSense

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker on the local network can connect to the device's web services and compromise the device.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01