Lucene search

[email protected]CVE-2017-6041

HistoryJun 30, 2017 - 3:29 a.m.

CVE-2017-6041

2017-06-3003:29:00

CWE-434

[email protected]

web.nvd.nist.gov

cve-2017-6041

marel

unrestricted upload

firmware

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

CPENameOperatorVersion
marel:a320_firmwaremarel a320 firmwareeq-
marel:a325_firmwaremarel a325 firmwareeq-
marel:a371_firmwaremarel a371 firmwareeq-
marel:a520_master_firmwaremarel a520 master firmwareeq-
marel:a520_slave_firmwaremarel a520 slave firmwareeq-
marel:a530_firmwaremarel a530 firmwareeq-
marel:a542_firmwaremarel a542 firmwareeq-
marel:a571_firmwaremarel a571 firmwareeq-
marel:check_bin_grader_firmwaremarel check bin grader firmwareeq-
marel:flowlineqc_t376_firmwaremarel flowlineqc t376 firmwareeq-

CPE	Name	Operator	Version
marel:a320_firmware	marel a320 firmware	eq	-
marel:a325_firmware	marel a325 firmware	eq	-
marel:a371_firmware	marel a371 firmware	eq	-
marel:a520_master_firmware	marel a520 master firmware	eq	-
marel:a520_slave_firmware	marel a520 slave firmware	eq	-
marel:a530_firmware	marel a530 firmware	eq	-
marel:a542_firmware	marel a542 firmware	eq	-
marel:a571_firmware	marel a571 firmware	eq	-
marel:check_bin_grader_firmware	marel check bin grader firmware	eq	-
marel:flowlineqc_t376_firmware	marel flowlineqc t376 firmware	eq	-

Rows per page:

1-10 of 231

References

www.securityfocus.com/bid/97388

ics-cert.us-cert.gov/advisories/ICSA-17-094-02

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2017-6041

cvelist1 prion1 ics3