CVE-2023-46706

MachineSense FeverWarn Use of Hard-coded Credentials

Description

Multiple MachineSense devices have credentials unable to be changed by the user or administrator.

Workaround:

FeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense https://machinesense.com/pages/about-machinesense for additional information.

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-01	third party advisory us government resource
https://machinesense.com/pages/about-machinesense	product

What is the severity of CVE-2023-46706?: CVE-2023-46706 has been scored as a critical severity vulnerability.
How to fix CVE-2023-46706?: As a workaround for remediating CVE-2023-46706: FeverWarn and the associated cloud service were pandemic-specific products for elevated body temperature scanning, discontinued by MachineSense prior to the end of the pandemic. They are no longer available, and there will be no future availability or upgrades. MachineSense is not aware of any current users of FeverWarn. Users of the affected product are encouraged to contact MachineSense https://machinesense.com/pages/about-machinesense for additional information.
Is CVE-2023-46706 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-46706 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-46706?: CVE-2023-46706 affects MachineSense FeverWarn.