CVE-2023-49610 | THREATINT

Description

MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack.

PUBLISHED Reserved 2023-11-30 | Published 2024-02-01 | Updated 2024-10-17 | Assigner icscert

HIGH: 8.1CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

ESP32

affected

RaspberryPi

affected

DataHub RaspberryPi

affected

Credits

Vera Mens of Claroty Research reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

machinesense.com/pages/about-machinesense

www.cisa.gov/news-events/ics-advisories/icsa-24-025-01

machinesense.com/pages/about-machinesense

cve.org (CVE-2023-49610)

nvd.nist.gov (CVE-2023-49610)

Download JSON