7.5
CVE-2023-49115
- EPSS 0.59%
- Veröffentlicht 01.02.2024 23:15:09
- Zuletzt bearbeitet 21.11.2024 08:32:51
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMachineSense FeverWarn Missing Authentication for Critical Function
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Machinesense ≫ Feverwarn Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.436 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://machinesense.com/pages/about-machinesense
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01