Overview
- Description
- The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller (PLC), PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal procedures could view source code, secret credentials, and more.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
- CNA Tags
- unsupported-when-assigned
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:machinesense:feverwarn_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45F21168-E7F1-49E4-84B0-0B4EB9C6DE50"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:machinesense:feverwarn:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "489AD7C3-7648-4398-BA27-450E909171EC"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]