{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-47867","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-11-30T20:38:25.983Z","datePublished":"2024-02-01T22:30:59.328Z","dateUpdated":"2024-08-02T21:16:43.765Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"FeverWarn","vendor":"MachineSense","versions":[{"status":"affected","version":"ESP32"},{"status":"affected","version":"RaspberryPi"},{"status":"affected","version":"DataHub RaspberryPi"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Vera Mens of Claroty Research reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.\n\n\n\n\n\n\n\n\n\n"}],"value":"\n\n\n\n\n\n\n\n\nMachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.\n\n\n\n\n\n\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-02-01T22:30:59.328Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01"},{"url":"https://machinesense.com/pages/about-machinesense"}],"source":{"discovery":"EXTERNAL"},"tags":["unsupported-when-assigned"],"title":"MachineSense FeverWarn Improper Access Control","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nFeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense for additional information.\n\n
"}],"value":"\nFeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense https://machinesense.com/pages/about-machinesense for additional information.\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-47867","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-02-02T19:20:50.838031Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T17:21:25.799Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T21:16:43.765Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01","tags":["x_transferred"]},{"url":"https://machinesense.com/pages/about-machinesense","tags":["x_transferred"]}]}]}}