ICSA-24-025-01 · Published 2024-01-25 · View on CISA ICS-CERT ↗

MachineSense FeverWarn

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to obtain user data from devices, execute remote code on devices, or gain control over devices to perform malicious actions.

CVEs (6)

CVE-2023-6221 CVE-2023-46706 CVE-2023-49617 CVE-2023-49115 CVE-2023-47867 CVE-2023-49610

Remediations

FeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense for additional information.

Affected Vendors

MachineSense LLC.

Affected Products (3)

MachineSense LLC. · FeverWarn ESP32

MachineSense LLC. · FeverWarn RaspberryPi

MachineSense LLC. · FeverWarn DataHub_RaspberryPi

Affected Sectors

Healthcare and Public Health Sector

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more