Vulnerability Details: CVE-2023-6221
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others, is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.
Vulnerability category: Bypass
Products affected by CVE-2023-6221
- cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6221
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-6221
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 | ICS-CERT | 2024-02-02 |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | 2024-02-08 |
CWE ids for CVE-2023-6221
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
  Assigned by:
  - ics-cert@hq.dhs.gov (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-6221
- https://machinesense.com/pages/about-machinesense
  About MachineSense | Machinery & Manufacturing Sector (Product)
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01
  Opteev MachineSense FeverWarn | CISA (Third Party Advisory; US Government Resource)