Vulnerability CVE-2017-6041


Published: 2017-06-29   Modified: 2017-06-30

Description:
An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

Type: CWE-434 (Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Marel -> A520 slave firmware 
Marel -> Ipm3 dual cam firmware 
Marel -> A320 firmware 
Marel -> A530 firmware 
Marel -> V36c firmware 
Marel -> T374 firmware 
Marel -> Sensorx23 qc master firmware 
Marel -> A571 firmware 
Marel -> P574 firmware 
Marel -> Flowlineqc t376 firmware 
Marel -> A371 firmware 
Marel -> Sensorx13 qc flow line firmware 
Marel -> Speed batcher firmware 
Marel -> P520 firmware 
Marel -> T377 firmware 
Marel -> Check bin grader firmware 
Marel -> V36b firmware 
Marel -> V36 firmware 
Marel -> A520 master firmware 
Marel -> Sensorx23 qc slave firmware 
Marel -> A325 firmware 
Marel -> A542 firmware 

References:
http://www.securityfocus.com/bid/97388
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02

Copyright 2024, cxsecurity.com
