Vulnerability CVE-2016-9358


Published: 2017-06-29   Modified: 2017-06-30

Description:
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.

Vendor: Marel
Product: Ipm3 dual cam firmware 
Version: 139; 132;
Product: V36 firmware 
Product: V36b firmware 
Product: Sensorx13 qc flow line firmware 
Product: Flowlineqc t376 firmware 
Product: A571 firmware 
Product: P574 firmware 
Product: A542 firmware 
Product: A520 master firmware 
Product: T377 firmware 
Product: V36c firmware 
Product: Check bin grader firmware 
Product: A520 slave firmware 
Product: T374 firmware 
Product: Sensorx23 qc master firmware 
Product: A325 firmware 
Product: A320 firmware 
Product: A530 firmware 
Product: Speed batcher firmware 
Product: A371 firmware 
Product: P520 firmware 
Product: Sensorx23 qc slave firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/97388
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02

Copyright 2018, cxsecurity.com

 

Back to Top