Lucene search

[email protected]CVE-2016-9358

HistoryJun 30, 2017 - 3:29 a.m.

CVE-2016-9358

2017-06-3003:29:00

CWE-798

CWE-259

[email protected]

web.nvd.nist.gov

cve-2016-9358

hard-coded passwords

marel food processing systems

security vulnerability

information security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.5%

JSON

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.

Affected configurations

NVD

Node

marela320_firmwareMatch-

AND

marela320Match-

Node

marela325_firmwareMatch-

AND

marela325Match-

Node

marela371_firmwareMatch-

AND

marela371Match-

Node

marela520_master_firmwareMatch-

AND

marela520_masterMatch-

Node

marela520_slave_firmwareMatch-

AND

marela520_slaveMatch-

Node

marela530_firmwareMatch-

AND

marela530Match-

Node

marela542_firmwareMatch-

AND

marela542Match-

Node

marela571_firmwareMatch-

AND

marela571Match-

Node

marelcheck_bin_grader_firmwareMatch-

AND

marelcheck_bin_graderMatch-

Node

marelflowlineqc_t376_firmwareMatch-

AND

marelflowlineqc_t376Match-

Node

marelipm3_dual_cam_firmwareMatch132

AND

marelipm3_dual_camMatch-

Node

marelipm3_dual_cam_firmwareMatch139

AND

marelipm3_dual_camMatch-

Node

marelipm3_dual_cam_firmwareMatch132

AND

marelipm3_dual_camMatch-

Node

marelp520_firmwareMatch-

AND

marelp520Match-

Node

marelp574_firmwareMatch-

AND

marelp574Match-

Node

marelsensorx13_qc_flow_line_firmwareMatch-

AND

marelsensorx13_qc_flow_lineMatch-

Node

marelsensorx23_qc_master_firmwareMatch-

AND

marelsensorx23_qc_masterMatch-

Node

marelsensorx23_qc_slave_firmwareMatch-

AND

marelsensorx23_qc_slaveMatch-

Node

marelspeed_batcher_firmwareMatch-

AND

marelspeed_batcherMatch-

Node

marelt374_firmwareMatch-

AND

marelt374Match-

Node

marelt377_firmwareMatch-

AND

marelt377Match-

Node

marelv36_firmwareMatch-

AND

marelv36Match-

Node

marelv36b_firmwareMatch-

AND

marelv36bMatch-

Node

marelv36c_firmwareMatch-

AND

marelv36cMatch-

CPENameOperatorVersion
marel:a320_firmwaremarel a320 firmwareeq-

CPE	Name	Operator	Version
marel:a320_firmware	marel a320 firmware	eq	-

CNA Affected

[
  {
    "product": "Marel Food Processing Systems",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Marel Food Processing Systems"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97388

ics-cert.us-cert.gov/advisories/ICSA-17-094-02

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.5%

JSON

Related for CVE-2016-9358

prion1 cvelist1 nvd1 ics3