CVE-2023-6221
HIGHMachineSense FeverWarn Firmware - Unauthenticated Sensitive Data Exposure via Cloud Provider
Title source: llmDescription
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01
Scores
CVSS v3
7.7
EPSS
0.0058
EPSS Percentile
43.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
machinesense/feverwarn_firmware
Published
Feb 01, 2024
Tracked Since
Feb 18, 2026