OTPulse

MachineSense FeverWarn

Act Now | CVSS 10 | ICS-CERT ICSA-24-025-01 | Jan 25, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

FeverWarn thermal screening devices (ESP32, RaspberryPi, and DataHub variants) contain multiple critical vulnerabilities: missing authentication (CWE-306), hardcoded credentials (CWE-798), improper access controls (CWE-284), and missing input validation (CWE-20). These flaws allow remote attackers without credentials to extract user data, execute arbitrary code, or gain full control of the devices over the network. MachineSense discontinued FeverWarn before the end of the pandemic and will not provide patches. The product is no longer available, and the vendor is not aware of current users.

What this means
What could happen
An attacker with network access could extract user data, run arbitrary code on FeverWarn devices, or take full control of the system to alter temperature readings or disrupt scanning operations. With no vendor support, affected devices cannot be patched.
Who's at risk
This advisory affects organizations that deployed MachineSense FeverWarn thermal screening systems, typically in healthcare facilities, airports, and offices during the pandemic. The devices include ESP32-based sensors, RaspberryPi-based edge devices, and DataHub aggregation servers. Any facility still using these discontinued products for temperature monitoring is at risk, though CISA indicates current users are rare.
How it could be exploited
An attacker on the network can send a crafted request to an unauthenticated service (the CVSS vector indicates a network-reachable target with no authentication required) and exploit the missing input validation and hardcoded credentials to gain code execution on the ESP32, RaspberryPi, or DataHub device.
Prerequisites
  • Network access to the FeverWarn device (direct or via Internet if exposed)
  • No valid credentials or authentication required
  • Device must be connected to a network and running the vulnerable firmware
remotely exploitable; no authentication required; low complexity attack; no patch available (end-of-life product); affects safety/health monitoring systems; hardcoded credentials (CWE-798)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| FeverWarn: ESP32 | ESP32 | No fix (EOL) |
| FeverWarn: RaspberryPi | RaspberryPi | No fix (EOL) |
| FeverWarn: DataHub_RaspberryPi | DataHub RaspberryPi | No fix (EOL) |
Remediation & Mitigation
Do now
  • HARDENING: Disconnect FeverWarn devices from the network or power down completely if no longer needed for operations
  • HARDENING: If FeverWarn devices must remain operational, isolate them behind a firewall with explicit rules blocking inbound access from all but essential authorized endpoints
  • HARDENING: Segment FeverWarn devices from business networks and ensure they are not routable to the Internet
  • WORKAROUND: Monitor network traffic to and from FeverWarn devices for signs of unauthorized access or data exfiltration
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

  • HARDENING: Contact MachineSense to assess whether your organization still operates FeverWarn devices and determine decommissioning timeline
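
One way to act on the isolation and monitoring items above, as an added example that is not part of the advisory or any vendor tooling: a check over flow records that flags inbound connections from hosts outside the allowlist, traffic leaving internal address space, and unusually large outbound transfers. The device addresses, allowlist, internal range, byte threshold and record layout are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed inventory; every address here is constructed, none comes from the advisory.
FEVERWARN_DEVICES = {"10.20.30.11", "10.20.30.12", "10.20.30.20"}
AUTHORIZED_PEERS = {"10.20.30.5"}          # the only host the firewall rule should admit
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
EXFIL_BYTES_THRESHOLD = 5_000_000          # assumed per-peer outbound byte budget

# Constructed flow records: (src, dst, dst_port, bytes)
SAMPLE_FLOWS = [
    ("10.20.30.5", "10.20.30.11", 443, 1200),       # authorized management access
    ("10.50.1.77", "10.20.30.11", 80, 900),         # business-network host reaching a device
    ("10.20.30.12", "203.0.113.40", 443, 4000),     # device talking outside internal space
    ("10.20.30.20", "10.20.30.5", 8883, 9_000_000), # large transfer from the DataHub
    ("10.20.30.20", "10.20.30.5", 8883, 100),
    ("10.1.1.1", "10.1.1.2", 22, 500),              # unrelated traffic
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def review_flows(flows, devices=FEVERWARN_DEVICES, authorized=AUTHORIZED_PEERS,
                 threshold=EXFIL_BYTES_THRESHOLD):
    """Return (finding, src, dst) tuples for flows that violate the isolation policy."""
    findings = []
    sent = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        # Assumption: device-to-device flows (sensor to DataHub) are expected.
        if dst in devices and src not in authorized and src not in devices:
            findings.append(("unauthorized_inbound", src, dst))
        if src in devices:
            if not is_internal(dst):
                findings.append(("internet_egress", src, dst))
            elif dst not in authorized and dst not in devices:
                findings.append(("unauthorized_outbound", src, dst))
            sent[(src, dst)] += nbytes
    # Volume is summed per device/peer pair, so many small flows still add up.
    for (src, dst), total in sent.items():
        if total > threshold:
            findings.append(("high_volume_outbound", src, dst))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(*finding)
```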