ID

VAR-201706-0465


CVE

CVE-2017-6041


TITLE

Unrestricted upload of dangerous file types vulnerability in the firmware of multiple Marel Food Processing System products

Trust: 0.8

sources: JVNDB: JVNDB-2017-005286

DESCRIPTION

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

The firmware of multiple Marel Food Processing System products contains a vulnerability related to the unrestricted upload of dangerous file types. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Marel SensorX25 X-ray Machine and others are products of Marel, of Iceland, in the medical industry that provide various medical tests. Arbitrary file upload vulnerabilities exist in Marel Food Processing Systems in several Marel products.

Marel Food Processing Systems are prone to the following security vulnerabilities: 1. A security-bypass vulnerability. 2. Marel SensorX25 X-ray Machine, etc

Trust: 2.7

sources: NVD: CVE-2017-6041 // JVNDB: JVNDB-2017-005286 // CNVD: CNVD-2017-05777 // BID: 97388 // IVD: 688c5c78-70ee-4494-8465-824cb5226abf // VULHUB: VHN-114244

IOT TAXONOMY

category: ['ICS', 'Network device'] // sub_category: -

Trust: 0.6

category: ['ICS'] // sub_category: -

Trust: 0.2

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777

AFFECTED PRODUCTS

vendor: marel // model: sensorx13 qc flow line // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a371 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: p574 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a320 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a530 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a520 slave // scope: eq // version: -

Trust: 1.6

vendor: marel // model: ipm3 dual cam // scope: eq // version: 132

Trust: 1.6

vendor: marel // model: p520 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a520 master // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a325 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a571 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: v36c // scope: eq // version: -

Trust: 1.0

vendor: marel // model: ipm3 dual cam // scope: eq // version: 139

Trust: 1.0

vendor: marel // model: sensorx23 qc master // scope: eq // version: -

Trust: 1.0

vendor: marel // model: t377 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: speed batcher // scope: eq // version: -

Trust: 1.0

vendor: marel // model: t374 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: v36b // scope: eq // version: -

Trust: 1.0

vendor: marel // model: sensorx23 qc slave // scope: eq // version: -

Trust: 1.0

vendor: marel // model: flowlineqc t376 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: check bin grader // scope: eq // version: -

Trust: 1.0

vendor: marel // model: a542 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: v36 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: a320 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a325 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a371 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a520 master // scope: - // version: -

Trust: 0.8

vendor: marel // model: a520 slave // scope: - // version: -

Trust: 0.8

vendor: marel // model: a530 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a542 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a571 // scope: - // version: -

Trust: 0.8

vendor: marel // model: check bin grader // scope: - // version: -

Trust: 0.8

vendor: marel // model: flowlineqc t376 // scope: - // version: -

Trust: 0.8

vendor: marel // model: ipm3 dual cam // scope: - // version: -

Trust: 0.8

vendor: marel // model: ipm3 single cam // scope: - // version: -

Trust: 0.8

vendor: marel // model: p520 // scope: - // version: -

Trust: 0.8

vendor: marel // model: p574 // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx13 qc flow line // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx23 qc master // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx23 qc slave // scope: - // version: -

Trust: 0.8

vendor: marel // model: speed batcher // scope: - // version: -

Trust: 0.8

vendor: marel // model: t374 // scope: - // version: -

Trust: 0.8

vendor: marel // model: t377 // scope: - // version: -

Trust: 0.8

vendor: marel // model: v36 // scope: - // version: -

Trust: 0.8

vendor: marel // model: v36b // scope: - // version: -

Trust: 0.8

vendor: marel // model: v36c // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx25 x-ray machine // scope: - // version: -

Trust: 0.6

vendor: marel // model: sensorx23 x-ray machine // scope: - // version: -

Trust: 0.6

vendor: marel // model: mws2 weighing system // scope: - // version: -

Trust: 0.6

vendor: marel // model: mac4 controller // scope: - // version: -

Trust: 0.6

vendor: marel // model: m3210 termina // scope: - // version: -

Trust: 0.6

vendor: marel // model: m3000 termina // scope: - // version: -

Trust: 0.6

vendor: ipm3 dual cam // model: - // scope: eq // version: 132

Trust: 0.4

vendor: marel // model: sensorx25 x-ray machine // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: sensorx23 x-ray machine // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: mws2 weighing system // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: mac4 controller // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: m3210 terminal // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: m3000 terminal // scope: eq // version: 0

Trust: 0.3

vendor: a320 // model: - // scope: eq // version: -

Trust: 0.2

vendor: flowlineqc t376 // model: - // scope: eq // version: -

Trust: 0.2

vendor: ipm3 dual cam // model: - // scope: eq // version: 139

Trust: 0.2

vendor: p520 // model: - // scope: eq // version: -

Trust: 0.2

vendor: p574 // model: - // scope: eq // version: -

Trust: 0.2

vendor: sensorx13 qc flow line // model: - // scope: eq // version: -

Trust: 0.2

vendor: sensorx23 qc master // model: - // scope: eq // version: -

Trust: 0.2

vendor: sensorx23 qc slave // model: - // scope: eq // version: -

Trust: 0.2

vendor: speed batcher // model: - // scope: eq // version: -

Trust: 0.2

vendor: a325 // model: - // scope: eq // version: -

Trust: 0.2

vendor: t374 // model: - // scope: eq // version: -

Trust: 0.2

vendor: t377 // model: - // scope: eq // version: -

Trust: 0.2

vendor: v36 // model: - // scope: eq // version: -

Trust: 0.2

vendor: v36b // model: - // scope: eq // version: -

Trust: 0.2

vendor: v36c // model: - // scope: eq // version: -

Trust: 0.2

vendor: a371 // model: - // scope: eq // version: -

Trust: 0.2

vendor: a520 master // model: - // scope: eq // version: -

Trust: 0.2

vendor: a520 slave // model: - // scope: eq // version: -

Trust: 0.2

vendor: a530 // model: - // scope: eq // version: -

Trust: 0.2

vendor: a542 // model: - // scope: eq // version: -

Trust: 0.2

vendor: a571 // model: - // scope: eq // version: -

Trust: 0.2

vendor: check bin grader // model: - // scope: eq // version: -

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777 // BID: 97388 // JVNDB: JVNDB-2017-005286 // CNNVD: CNNVD-201704-318 // NVD: CVE-2017-6041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6041
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6041
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-05777
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-318
value: CRITICAL

Trust: 0.6

IVD: 688c5c78-70ee-4494-8465-824cb5226abf
value: CRITICAL

Trust: 0.2

VULHUB: VHN-114244
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6041
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05777
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 688c5c78-70ee-4494-8465-824cb5226abf
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-114244
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6041
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777 // VULHUB: VHN-114244 // JVNDB: JVNDB-2017-005286 // CNNVD: CNNVD-201704-318 // NVD: CVE-2017-6041

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-114244 // JVNDB: JVNDB-2017-005286 // NVD: CVE-2017-6041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-318

TYPE

Code problem

Trust: 0.8

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNNVD: CNNVD-201704-318

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005286

PATCH

title: Top Page // url: http://marel.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-005286

EXTERNAL IDS

db: NVD // id: CVE-2017-6041

Trust: 3.6

db: BID // id: 97388

Trust: 2.6

db: ICS CERT // id: ICSA-17-094-02

Trust: 2.0

db: CNNVD // id: CNNVD-201704-318

Trust: 0.9

db: CNVD // id: CNVD-2017-05777

Trust: 0.8

db: ICS CERT // id: ICSA-17-094-02B

Trust: 0.8

db: JVNDB // id: JVNDB-2017-005286

Trust: 0.8

db: IVD // id: 688C5C78-70EE-4494-8465-824CB5226ABF

Trust: 0.2

db: VULHUB // id: VHN-114244

Trust: 0.1

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777 // VULHUB: VHN-114244 // BID: 97388 // JVNDB: JVNDB-2017-005286 // CNNVD: CNNVD-201704-318 // NVD: CVE-2017-6041

REFERENCES

url:http://www.securityfocus.com/bid/97388

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-02

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6041

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-02b

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6041

Trust: 0.8

url:http://marel.com/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-02

Trust: 0.3

sources: CNVD: CNVD-2017-05777 // VULHUB: VHN-114244 // BID: 97388 // JVNDB: JVNDB-2017-005286 // CNNVD: CNNVD-201704-318 // NVD: CVE-2017-6041

CREDITS

Daniel Lance

Trust: 0.9

sources: BID: 97388 // CNNVD: CNNVD-201704-318

SOURCES

db: IVD // id: 688c5c78-70ee-4494-8465-824cb5226abf
db: CNVD // id: CNVD-2017-05777
db: VULHUB // id: VHN-114244
db: BID // id: 97388
db: JVNDB // id: JVNDB-2017-005286
db: CNNVD // id: CNNVD-201704-318
db: NVD // id: CVE-2017-6041

LAST UPDATE DATE

2025-04-20T23:29:40.926000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-05777 // date: 2017-05-02T00:00:00
db: VULHUB // id: VHN-114244 // date: 2019-10-09T00:00:00
db: BID // id: 97388 // date: 2017-04-11T00:02:00
db: JVNDB // id: JVNDB-2017-005286 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201704-318 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6041 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD // id: 688c5c78-70ee-4494-8465-824cb5226abf // date: 2017-05-02T00:00:00
db: CNVD // id: CNVD-2017-05777 // date: 2017-05-02T00:00:00
db: VULHUB // id: VHN-114244 // date: 2017-06-30T00:00:00
db: BID // id: 97388 // date: 2017-04-04T00:00:00
db: JVNDB // id: JVNDB-2017-005286 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201704-318 // date: 2017-04-24T00:00:00
db: NVD // id: CVE-2017-6041 // date: 2017-06-30T03:29:00.563