Vulnerabilities > Machinesense > Feverwarn Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2023-46706 | Use of Hard-coded Credentials vulnerability in Machinesense Feverwarn Firmware Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | 9.8 |
| 2024-02-01 | CVE-2023-47867 | Unspecified vulnerability in Machinesense Feverwarn Firmware MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device. low complexity machinesense | 8.8 |
| 2024-02-01 | CVE-2023-49115 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users. | 7.5 |
| 2024-02-01 | CVE-2023-49610 | Unspecified vulnerability in Machinesense Feverwarn Firmware MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack. low complexity machinesense | 8.1 |
| 2024-02-01 | CVE-2023-49617 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. | 9.1 |
| 2024-02-01 | CVE-2023-6221 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. | 6.5 |