CVE-2016-9358

Published Jun 30, 2017
Last updated 5 years ago
CVSS critical 9.8
Overview

Description: A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
Source: ics-cert@hq.dhs.gov
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-798
ics-cert@hq.dhs.gov: CWE-259
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93191ACD-DF7E-4EE1-9396-5F87BE4BB414"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A569889-0558-4788-9243-6AF94F211CE0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BB917C8-69E5-4225-8CBF-B64F559B1227"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a325:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B6F958A-27ED-4BD7-B9BE-1E7CF12AE858"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11916717-347F-418A-9222-8D7A69836B39"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a371:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "130F7106-6439-4A7F-BF38-31669FEE3402"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BBE36F1-1D3E-4C30-8017-623EB45F413B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a520_master:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A9B7F2B3-990A-4B13-BB55-10CFF2438B5D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F635EC13-DD73-4198-8A06-20CB7520B937"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a520_slave:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45DB8E00-26BC-48D3-8F89-2396A112C6D3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E734B17C-E7C8-48B1-8240-825C3AEC41B3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a530:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F6EDAD0F-E50F-460C-B572-1CB72285DACB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7CBE310-04B6-4844-B5F7-180CA5DF524F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a542:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CF3DF08D-46C7-4540-AC8A-1E14727DBEB4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "797CFA0D-60DF-4749-B1C6-FADA0D9FCC2D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:a571:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D332991E-5CCE-44C0-A438-B7209E373304"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2802D79A-DE9F-4CA0-9517-953337827DD0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:check_bin_grader:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48058F05-3E5F-4FC8-9B42-8ADB88D86762"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8421719-5050-49CF-8FBD-566F0359DE36"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:flowlineqc_t376:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F06F792-297C-447A-8E11-CDB4EEE1B158"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB7CB690-FEE4-480E-A1B4-9503D5099945"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8513725-09B4-43F5-9685-32839B7809FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB7CB690-FEE4-480E-A1B4-9503D5099945"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0AEA79E-9F9D-4098-B3F7-876913CBDC8C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:p520:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "384ED7B9-4B83-4E72-A48E-8A67E2A29C9C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "212EC3DC-4868-4E1E-AD35-93BDD1EF1297"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:p574:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6E4A4869-50BE-4E9D-99B7-535CF1329778"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78C1496A-69B1-48DC-904A-CD44F0ACE5A9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:sensorx13_qc_flow_line:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2DD15EDF-EE4F-4248-B43F-331598FBE5D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3FCCB05-25F5-4C20-96D9-0907320FCAD0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:sensorx23_qc_master:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26D24ACE-8639-4FAC-A53D-A483EA98B256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58F46DC1-2487-4B62-97E7-EDE1F28EEA74"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:sensorx23_qc_slave:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "663A11BB-6596-43CF-BCC3-C424F2E9305F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68C8ADA0-0247-4222-835A-C1105DCF0C34"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:speed_batcher:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B164735A-B2DC-4FC6-BB49-A1564BB29BDA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39E32E5B-278B-4A99-98D0-63C703997DF5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:t374:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C3DEFFF4-6619-4738-9D63-356224CD96A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B3C440B-6167-471A-9E74-218023AFC823"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:t377:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "41FCBD6D-D9A3-498B-93F5-6952747669B2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DB75BCF-DCA2-48D8-BD29-0878ABE2E015"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:v36:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5AB6A6F0-3ACA-4772-BE2E-8A2E5C50CA0C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C28936CB-D8D2-4B54-B54B-50E541F620EE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:v36b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "726488AE-F14A-4C95-8CBE-BFC3CB9D2081"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8120591B-772A-45EB-9B28-A4AC58A270F5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:marel:v36c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "806F5060-EAD6-48DF-829E-118C87F724C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
