CVE-2023-49115

7.5 HIGH

📋 TL;DR

MachineSense devices use unauthenticated MQTT messaging for monitoring and remote viewing of sensor data, allowing attackers to intercept or manipulate data without credentials. This affects all MachineSense devices using the vulnerable MQTT implementation.

💻 Affected Systems

Products:
  • MachineSense devices with MQTT monitoring capabilities
Versions: All versions prior to patching
Operating Systems: Embedded systems on MachineSense devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices configured to use MQTT for monitoring without authentication enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could intercept sensitive sensor data, inject false readings to cause operational disruptions, or potentially gain unauthorized access to control systems.

🟠 Likely Case

Unauthorized viewing of sensor data, data interception, and potential manipulation of monitoring information.

🟢 If Mitigated

Limited to authorized monitoring with proper authentication and network segmentation in place.

🌐 Internet-Facing: HIGH - Unauthenticated MQTT endpoints exposed to the internet can be directly accessed by attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit the vulnerability within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only MQTT client tools and knowledge of the device's MQTT topics.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://machinesense.com/pages/about-machinesense

Restart Required: Yes

Instructions:

1. Contact MachineSense support for patch availability
2. Apply vendor-provided firmware update
3. Restart affected devices
4. Verify MQTT authentication is enabled

🔧 Temporary Workarounds

Enable MQTT Authentication

all

Configure MQTT broker to require authentication before allowing connections

# Configure MQTT broker authentication settings
# Set username/password requirements in MQTT configuration

Network Segmentation

all

Isolate MachineSense devices in separate network segments with firewall rules

# Configure firewall to restrict MQTT traffic (port 1883/8883)
# Allow only authorized IP addresses to connect

🧯 If You Can't Patch

  • Implement network-level authentication using VPN or TLS certificates for MQTT traffic
  • Deploy intrusion detection systems to monitor for unauthorized MQTT connections

🔍 How to Verify

Check if Vulnerable:

Attempt to connect to device MQTT broker (port 1883/8883) without credentials using tools like mosquitto_sub

Check Version:

Check device firmware version through web interface or vendor tools

Verify Fix Applied:

Verify MQTT connections now require authentication and fail without valid credentials

📡 Detection & Monitoring

Log Indicators:

  • Failed MQTT authentication attempts
  • Unauthorized MQTT connections
  • Unusual MQTT topic subscriptions

Network Indicators:

  • Unencrypted MQTT traffic to/from MachineSense devices
  • MQTT connections from unauthorized IP addresses

SIEM Query:

(source_port:1883 OR source_port:8883) AND NOT (auth_success:true)
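A sensor-side version of the "unauthorized MQTT connections" indicator, as an added example that is not part of the original advisory or any vendor tooling: it parses a captured MQTT CONNECT packet and reports whether the client offered credentials. The sample packets, client IDs and function names are constructed for illustration, and it applies only to cleartext traffic on port 1883, since on 8883 the CONNECT is inside TLS.

```python
import struct

def _varint(buf, pos):
    """Decode an MQTT variable-length integer; return (value, next_pos)."""
    value = shift = 0
    for _ in range(4):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("malformed variable-length integer")

def parse_connect(packet):
    """Return protocol, client id and credential flags of a CONNECT packet."""
    if not packet or packet[0] >> 4 != 1:      # packet type 1 = CONNECT
        raise ValueError("not an MQTT CONNECT packet")
    remaining, pos = _varint(packet, 1)
    if len(packet) < pos + remaining:
        raise ValueError("truncated packet")
    (name_len,) = struct.unpack_from(">H", packet, pos)
    name = packet[pos + 2:pos + 2 + name_len].decode("ascii")
    pos += 2 + name_len
    level, flags = packet[pos], packet[pos + 1]
    pos += 4                                   # level, flags, 2-byte keep-alive
    if level == 5:                             # MQTT 5.0: property block precedes payload
        prop_len, pos = _varint(packet, pos)
        pos += prop_len
    (cid_len,) = struct.unpack_from(">H", packet, pos)
    client_id = packet[pos + 2:pos + 2 + cid_len].decode("utf-8", "replace")
    return {"protocol": name, "level": level, "client_id": client_id,
            "has_username": bool(flags & 0x80),   # connect flag bit 7
            "has_password": bool(flags & 0x40)}   # connect flag bit 6

def is_anonymous(packet):
    """True when the client sent no username (an unauthenticated session attempt)."""
    return not parse_connect(packet)["has_username"]

# Constructed sample packets (MQTT 3.1.1, keep-alive 60 s), not real captures.
SAMPLE_ANON = b"\x10\x15\x00\x04MQTT\x04\x02\x00\x3c\x00\x09sensor-ui"
SAMPLE_AUTH = b"\x10\x1a\x00\x04MQTT\x04\xc2\x00\x3c\x00\x06hmi-01\x00\x03ops\x00\x01x"

if __name__ == "__main__":
    for pkt in (SAMPLE_ANON, SAMPLE_AUTH):
        info = parse_connect(pkt)
        print(info["client_id"], "ANONYMOUS" if is_anonymous(pkt) else "credentials sent")
```

A CONNECT without a username that the broker answers with a successful CONNACK is the condition this advisory describes; after the fix, such attempts should be refused.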
