SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-141238030] Marel Food Processing Systems

Date: 2017-04-04
Type: Other
Platform: Marel
Author: Daniel Lance reported these vulnerabilities to ICS-CERT.
EDB-ID: N/A
CVE-ID: CVE-2016-9358, CVE-2017-6041
OSVDB-ID: N/A
Download App SIS Signature: N/A N/A

Source

#
# Marel Food Processing Systems
#


### VULNERABLE VENDOR
Marel


### VULNERABLE PRODUCT
Food Processing Systems



### RESEARCHER
Daniel Lance reported these vulnerabilities to ICS-CERT.



### AFFECTED PRODUCTS

The following Marel food processing products are affected:

- M3000 terminal associated with the following systems:
  - A320,
  - A325,
  - A371,
  - A520 Master,
  - A520 Slave,
  - A530,
  - A542,
  - A571,
  - Check Bin Grader,
  - FlowlineQC T376,
  - IPM3 Dual Cam v132,
  - IPM3 Dual Cam v139,
  - IPM3 Single Cam v132,
  - P520,
  - P574,
  - SensorX13 QC flow line,
  - SensorX23 QC Master,
  - SensorX23 QC Slave,
  - Speed Batcher,
  - T374,
  - T377,
  - V36,
  - V36B, and
  - V36C.
- M3210 terminal associated with the same systems as the M3000 terminal identified above,
- M3000 desktop software associated with the same systems as the M3000 terminal identified above,
- MAC4 controller associated with the same systems as the M3000 terminal identified above,
- SensorX23 X-ray machine,
- SensorX25 X-ray machine, and
- MWS2 weighing system.



### IMPACT

A remote attacker may be able to gain unauthorized administrative access to affected devices.



### VULNERABILITY OVERVIEW

USE OF HARD-CODED PASSWORDS (CWE-259)
The end user does not have the ability to change system passwords.
CVE-2016-9358 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).


UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE (CWE-434)
This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.
CVE-2017-6041 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sector: Food and Agriculture
Countries/Areas Deployed: United States, Europe, South America, and Asia
Company Headquarters Location: Iceland




### MITIGATION

Marel has not produced an update to mitigate these vulnerabilities.