{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-49610","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-11-30T20:38:25.978Z","datePublished":"2024-02-01T22:35:12.834Z","dateUpdated":"2024-10-17T16:03:08.150Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"FeverWarn","vendor":"MachineSense","versions":[{"status":"affected","version":"ESP32"},{"status":"affected","version":"RaspberryPi"},{"status":"affected","version":"DataHub RaspberryPi"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Vera Mens of Claroty Research reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n"}],"value":"\n\n\n\n\n\n\n\n\n\n\nMachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.\n\n\n\n\n\n\n\n\n\n\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-02-01T22:35:12.834Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01"},{"url":"https://machinesense.com/pages/about-machinesense"}],"source":{"discovery":"EXTERNAL"},"tags":["unsupported-when-assigned"],"title":"MachineSense FeverWarn Improper Input Validation","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">FeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://machinesense.com/pages/about-machinesense\">contact MachineSense</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;for additional information.</span>\n\n<br>"}],"value":"\nFeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to  contact MachineSense https://machinesense.com/pages/about-machinesense  for additional information.\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T22:01:25.920Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01","tags":["x_transferred"]},{"url":"https://machinesense.com/pages/about-machinesense","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-17T16:02:54.881685Z","id":"CVE-2023-49610","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-17T16:03:08.150Z"}}]}}