CVE-2017-6041
Published Jun 30, 2017
Last updated 5 years ago
Overview
- Description
- An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation of the affected systems and to upload firmware changes without detection.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
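Configurations
- Note: the CPE list below does not fully match the description. The `ipm3_dual_cam_firmware:132` entry appears twice and there is no entry for IPM3 Single Cam v132; the M3000 and M3210 terminals, M3000 desktop software, MAC4 controller, SensorX23 and SensorX25 X-ray machines and MWS2 weighing system also have no CPE entry. Asset inventories that rely on CPE matching alone may miss these products, so check them against the description as well.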
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93191ACD-DF7E-4EE1-9396-5F87BE4BB414" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:a320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A569889-0558-4788-9243-6AF94F211CE0" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB917C8-69E5-4225-8CBF-B64F559B1227" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:a325:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B6F958A-27ED-4BD7-B9BE-1E7CF12AE858" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11916717-347F-418A-9222-8D7A69836B39" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:a371:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "130F7106-6439-4A7F-BF38-31669FEE3402" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BBE36F1-1D3E-4C30-8017-623EB45F413B" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:a520_master:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9B7F2B3-990A-4B13-BB55-10CFF2438B5D" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F635EC13-DD73-4198-8A06-20CB7520B937" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": 
"cpe:2.3:h:marel:a520_slave:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "45DB8E00-26BC-48D3-8F89-2396A112C6D3" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E734B17C-E7C8-48B1-8240-825C3AEC41B3" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:a530:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F6EDAD0F-E50F-460C-B572-1CB72285DACB" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7CBE310-04B6-4844-B5F7-180CA5DF524F" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:a542:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF3DF08D-46C7-4540-AC8A-1E14727DBEB4" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "797CFA0D-60DF-4749-B1C6-FADA0D9FCC2D" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:a571:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D332991E-5CCE-44C0-A438-B7209E373304" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2802D79A-DE9F-4CA0-9517-953337827DD0" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:check_bin_grader:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48058F05-3E5F-4FC8-9B42-8ADB88D86762" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": 
"cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8421719-5050-49CF-8FBD-566F0359DE36" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:flowlineqc_t376:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F06F792-297C-447A-8E11-CDB4EEE1B158" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB7CB690-FEE4-480E-A1B4-9503D5099945" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8513725-09B4-43F5-9685-32839B7809FB" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB7CB690-FEE4-480E-A1B4-9503D5099945" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0AEA79E-9F9D-4098-B3F7-876913CBDC8C" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": 
"cpe:2.3:h:marel:p520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "384ED7B9-4B83-4E72-A48E-8A67E2A29C9C" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "212EC3DC-4868-4E1E-AD35-93BDD1EF1297" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:p574:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E4A4869-50BE-4E9D-99B7-535CF1329778" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78C1496A-69B1-48DC-904A-CD44F0ACE5A9" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:sensorx13_qc_flow_line:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DD15EDF-EE4F-4248-B43F-331598FBE5D8" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3FCCB05-25F5-4C20-96D9-0907320FCAD0" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:sensorx23_qc_master:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26D24ACE-8639-4FAC-A53D-A483EA98B256" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F46DC1-2487-4B62-97E7-EDE1F28EEA74" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:sensorx23_qc_slave:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "663A11BB-6596-43CF-BCC3-C424F2E9305F" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, 
"cpeMatch": [ { "criteria": "cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68C8ADA0-0247-4222-835A-C1105DCF0C34" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:speed_batcher:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B164735A-B2DC-4FC6-BB49-A1564BB29BDA" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39E32E5B-278B-4A99-98D0-63C703997DF5" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:t374:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C3DEFFF4-6619-4738-9D63-356224CD96A1" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B3C440B-6167-471A-9E74-218023AFC823" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:t377:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "41FCBD6D-D9A3-498B-93F5-6952747669B2" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DB75BCF-DCA2-48D8-BD29-0878ABE2E015" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:v36:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5AB6A6F0-3ACA-4772-BE2E-8A2E5C50CA0C" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C28936CB-D8D2-4B54-B54B-50E541F620EE" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:v36b:-:*:*:*:*:*:*:*", 
"vulnerable": false, "matchCriteriaId": "726488AE-F14A-4C95-8CBE-BFC3CB9D2081" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8120591B-772A-45EB-9B28-A4AC58A270F5" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:h:marel:v36c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "806F5060-EAD6-48DF-829E-118C87F724C2" } ], "operator": "OR" } ], "operator": "AND" } ]