Vulnerabilities > Machinesense

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-46706 Use of Hard-coded Credentials vulnerability in Machinesense Feverwarn Firmware
Multiple MachineSense devices have credentials unable to be changed by the user or administrator.
network
low complexity
machinesense CWE-798
critical
9.8
2024-02-01 CVE-2023-47867 Unspecified vulnerability in Machinesense Feverwarn Firmware
MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.
low complexity
machinesense
8.8
2024-02-01 CVE-2023-49115 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
network
low complexity
machinesense CWE-306
7.5
2024-02-01 CVE-2023-49610 Unspecified vulnerability in Machinesense Feverwarn Firmware
MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.
low complexity
machinesense
8.1
2024-02-01 CVE-2023-49617 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication.
network
low complexity
machinesense CWE-306
critical
9.1
2024-02-01 CVE-2023-6221 Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware
The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access.
network
low complexity
machinesense CWE-306
6.5