Lucene search

K
cve[email protected]CVE-2016-9358
HistoryJun 30, 2017 - 3:29 a.m.

CVE-2016-9358

2017-06-3003:29:00
CWE-798
CWE-259
web.nvd.nist.gov
24
cve-2016-9358
hard-coded passwords
marel food processing systems
security vulnerability
information security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.5%

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.

Affected configurations

NVD
Node
marela320_firmwareMatch-
AND
marela320Match-
Node
marela325_firmwareMatch-
AND
marela325Match-
Node
marela371_firmwareMatch-
AND
marela371Match-
Node
marela520_master_firmwareMatch-
AND
marela520_masterMatch-
Node
marela520_slave_firmwareMatch-
AND
marela520_slaveMatch-
Node
marela530_firmwareMatch-
AND
marela530Match-
Node
marela542_firmwareMatch-
AND
marela542Match-
Node
marela571_firmwareMatch-
AND
marela571Match-
Node
marelcheck_bin_grader_firmwareMatch-
AND
marelcheck_bin_graderMatch-
Node
marelflowlineqc_t376_firmwareMatch-
AND
marelflowlineqc_t376Match-
Node
marelipm3_dual_cam_firmwareMatch132
AND
marelipm3_dual_camMatch-
Node
marelipm3_dual_cam_firmwareMatch139
AND
marelipm3_dual_camMatch-
Node
marelipm3_dual_cam_firmwareMatch132
AND
marelipm3_dual_camMatch-
Node
marelp520_firmwareMatch-
AND
marelp520Match-
Node
marelp574_firmwareMatch-
AND
marelp574Match-
Node
marelsensorx13_qc_flow_line_firmwareMatch-
AND
marelsensorx13_qc_flow_lineMatch-
Node
marelsensorx23_qc_master_firmwareMatch-
AND
marelsensorx23_qc_masterMatch-
Node
marelsensorx23_qc_slave_firmwareMatch-
AND
marelsensorx23_qc_slaveMatch-
Node
marelspeed_batcher_firmwareMatch-
AND
marelspeed_batcherMatch-
Node
marelt374_firmwareMatch-
AND
marelt374Match-
Node
marelt377_firmwareMatch-
AND
marelt377Match-
Node
marelv36_firmwareMatch-
AND
marelv36Match-
Node
marelv36b_firmwareMatch-
AND
marelv36bMatch-
Node
marelv36c_firmwareMatch-
AND
marelv36cMatch-

CNA Affected

[
  {
    "product": "Marel Food Processing Systems",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Marel Food Processing Systems"
      }
    ]
  }
]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

54.5%

Related for CVE-2016-9358