ID

VAR-201706-0465


CVE

CVE-2017-6041


TITLE

Unrestricted upload of dangerous file types vulnerability in the product firmware of multiple Marel Food Processing System products

Trust: 0.8

sources: JVNDB: JVNDB-2017-005286

DESCRIPTION

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

The product firmware of multiple Marel Food Processing System products contains a vulnerability related to the unrestricted upload of dangerous file types. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Marel SensorX25 X-ray Machine and others are products of the medical industry of Iceland Marel that provide various medical tests. There are arbitrary file upload vulnerabilities in Marel Food Processing Systems in several Marel products.

Marel Food Processing Systems are prone to the following security vulnerabilities: 1. A security-bypass vulnerability. 2. Marel SensorX25 X-ray Machine, etc

Trust: 2.7

sources: NVD: CVE-2017-6041 // JVNDB: JVNDB-2017-005286 // CNVD: CNVD-2017-05777 // BID: 97388 // IVD: 688c5c78-70ee-4494-8465-824cb5226abf // VULHUB: VHN-114244

IOT TAXONOMY

category: ['ICS', 'Network device'] // sub_category: -

Trust: 0.6

category: ['ICS'] // sub_category: -

Trust: 0.2

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777

AFFECTED PRODUCTS

vendor: marel // model: a530 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a325 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: ipm3 dual cam // scope: eq // version: 132

Trust: 1.6

vendor: marel // model: p520 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: sensorx13 qc flow line // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a520 master // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a520 slave // scope: eq // version: -

Trust: 1.6

vendor: marel // model: p574 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a371 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a320 // scope: eq // version: -

Trust: 1.6

vendor: marel // model: a542 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: check bin grader // scope: eq // version: -

Trust: 1.0

vendor: marel // model: ipm3 dual cam // scope: eq // version: 139

Trust: 1.0

vendor: marel // model: sensorx23 qc slave // scope: eq // version: -

Trust: 1.0

vendor: marel // model: t374 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: t377 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: flowlineqc t376 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: sensorx23 qc master // scope: eq // version: -

Trust: 1.0

vendor: marel // model: v36c // scope: eq // version: -

Trust: 1.0

vendor: marel // model: v36 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: a571 // scope: eq // version: -

Trust: 1.0

vendor: marel // model: v36b // scope: eq // version: -

Trust: 1.0

vendor: marel // model: speed batcher // scope: eq // version: -

Trust: 1.0

vendor: marel // model: a320 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a325 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a371 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a520 master // scope: - // version: -

Trust: 0.8

vendor: marel // model: a520 slave // scope: - // version: -

Trust: 0.8

vendor: marel // model: a530 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a542 // scope: - // version: -

Trust: 0.8

vendor: marel // model: a571 // scope: - // version: -

Trust: 0.8

vendor: marel // model: check bin grader // scope: - // version: -

Trust: 0.8

vendor: marel // model: flowlineqc t376 // scope: - // version: -

Trust: 0.8

vendor: marel // model: ipm3 dual cam // scope: - // version: -

Trust: 0.8

vendor: marel // model: ipm3 single cam // scope: - // version: -

Trust: 0.8

vendor: marel // model: p520 // scope: - // version: -

Trust: 0.8

vendor: marel // model: p574 // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx13 qc flow line // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx23 qc master // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx23 qc slave // scope: - // version: -

Trust: 0.8

vendor: marel // model: speed batcher // scope: - // version: -

Trust: 0.8

vendor: marel // model: t374 // scope: - // version: -

Trust: 0.8

vendor: marel // model: t377 // scope: - // version: -

Trust: 0.8

vendor: marel // model: v36 // scope: - // version: -

Trust: 0.8

vendor: marel // model: v36b // scope: - // version: -

Trust: 0.8

vendor: marel // model: v36c // scope: - // version: -

Trust: 0.8

vendor: marel // model: sensorx25 x-ray machine // scope: - // version: -

Trust: 0.6

vendor: marel // model: sensorx23 x-ray machine // scope: - // version: -

Trust: 0.6

vendor: marel // model: mws2 weighing system // scope: - // version: -

Trust: 0.6

vendor: marel // model: mac4 controller // scope: - // version: -

Trust: 0.6

vendor: marel // model: m3210 termina // scope: - // version: -

Trust: 0.6

vendor: marel // model: m3000 termina // scope: - // version: -

Trust: 0.6

vendor: ipm3 dual cam // model: - // scope: eq // version: 132

Trust: 0.4

vendor: marel // model: sensorx25 x-ray machine // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: sensorx23 x-ray machine // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: mws2 weighing system // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: mac4 controller // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: m3210 terminal // scope: eq // version: 0

Trust: 0.3

vendor: marel // model: m3000 terminal // scope: eq // version: 0

Trust: 0.3

vendor: a320 // model: - // scope: eq // version: -

Trust: 0.2

vendor: flowlineqc t376 // model: - // scope: eq // version: -

Trust: 0.2

vendor: ipm3 dual cam // model: - // scope: eq // version: 139

Trust: 0.2

vendor: p520 // model: - // scope: eq // version: -

Trust: 0.2

vendor: p574 // model: - // scope: eq // version: -

Trust: 0.2

vendor: sensorx13 qc flow line // model: - // scope: eq // version: -

Trust: 0.2

vendor: sensorx23 qc master // model: - // scope: eq // version: -

Trust: 0.2

vendor: sensorx23 qc slave // model: - // scope: eq // version: -

Trust: 0.2

vendor: speed batcher // model: - // scope: eq // version: -

Trust: 0.2

vendor: a325 // model: - // scope: eq // version: -

Trust: 0.2

vendor: t374 // model: - // scope: eq // version: -

Trust: 0.2

vendor: t377 // model: - // scope: eq // version: -

Trust: 0.2

vendor: v36 // model: - // scope: eq // version: -

Trust: 0.2

vendor: v36b // model: - // scope: eq // version: -

Trust: 0.2

vendor: v36c // model: - // scope: eq // version: -

Trust: 0.2

vendor: a371 // model: - // scope: eq // version: -

Trust: 0.2

vendor: a520 master // model: - // scope: eq // version: -

Trust: 0.2

vendor: a520 slave // model: - // scope: eq // version: -

Trust: 0.2

vendor: a530 // model: - // scope: eq // version: -

Trust: 0.2

vendor: a542 // model: - // scope: eq // version: -

Trust: 0.2

vendor: a571 // model: - // scope: eq // version: -

Trust: 0.2

vendor: check bin grader // model: - // scope: eq // version: -

Trust: 0.2

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777 // BID: 97388 // JVNDB: JVNDB-2017-005286 // NVD: CVE-2017-6041 // CNNVD: CNNVD-201704-318

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-6041
value: CRITICAL

Trust: 1.8

CNVD: CNVD-2017-05777
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-318
value: CRITICAL

Trust: 0.6

IVD: 688c5c78-70ee-4494-8465-824cb5226abf
value: CRITICAL

Trust: 0.2

VULHUB: VHN-114244
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-6041
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-05777
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 688c5c78-70ee-4494-8465-824cb5226abf
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-114244
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-6041
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777 // VULHUB: VHN-114244 // JVNDB: JVNDB-2017-005286 // NVD: CVE-2017-6041 // CNNVD: CNNVD-201704-318

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-114244 // JVNDB: JVNDB-2017-005286 // NVD: CVE-2017-6041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-318

TYPE

Code problem

Trust: 0.8

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNNVD: CNNVD-201704-318

CONFIGURATIONS

sources: NVD: CVE-2017-6041

PATCH

title: Top Page // url: http://marel.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-005286

EXTERNAL IDS

db: NVD // id: CVE-2017-6041

Trust: 3.6

db: BID // id: 97388

Trust: 2.6

db: ICS CERT // id: ICSA-17-094-02

Trust: 2.0

db: CNNVD // id: CNNVD-201704-318

Trust: 0.9

db: CNVD // id: CNVD-2017-05777

Trust: 0.8

db: ICS CERT // id: ICSA-17-094-02B

Trust: 0.8

db: JVNDB // id: JVNDB-2017-005286

Trust: 0.8

db: IVD // id: 688C5C78-70EE-4494-8465-824CB5226ABF

Trust: 0.2

db: VULHUB // id: VHN-114244

Trust: 0.1

sources: IVD: 688c5c78-70ee-4494-8465-824cb5226abf // CNVD: CNVD-2017-05777 // VULHUB: VHN-114244 // BID: 97388 // JVNDB: JVNDB-2017-005286 // NVD: CVE-2017-6041 // CNNVD: CNNVD-201704-318

REFERENCES

url:http://www.securityfocus.com/bid/97388

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-02

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6041

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-02b

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6041

Trust: 0.8

url:http://marel.com/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-094-02

Trust: 0.3

sources: CNVD: CNVD-2017-05777 // VULHUB: VHN-114244 // BID: 97388 // JVNDB: JVNDB-2017-005286 // NVD: CVE-2017-6041 // CNNVD: CNNVD-201704-318

CREDITS

Daniel Lance

Trust: 0.9

sources: BID: 97388 // CNNVD: CNNVD-201704-318

SOURCES

db: IVD // id: 688c5c78-70ee-4494-8465-824cb5226abf
db: CNVD // id: CNVD-2017-05777
db: VULHUB // id: VHN-114244
db: BID // id: 97388
db: JVNDB // id: JVNDB-2017-005286
db: NVD // id: CVE-2017-6041
db: CNNVD // id: CNNVD-201704-318

LAST UPDATE DATE

2023-12-18T12:43:36.285000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-05777 // date: 2017-05-02T00:00:00
db: VULHUB // id: VHN-114244 // date: 2019-10-09T00:00:00
db: BID // id: 97388 // date: 2017-04-11T00:02:00
db: JVNDB // id: JVNDB-2017-005286 // date: 2017-07-25T00:00:00
db: NVD // id: CVE-2017-6041 // date: 2019-10-09T23:28:37.043
db: CNNVD // id: CNNVD-201704-318 // date: 2019-10-17T00:00:00

SOURCES RELEASE DATE

db: IVD // id: 688c5c78-70ee-4494-8465-824cb5226abf // date: 2017-05-02T00:00:00
db: CNVD // id: CNVD-2017-05777 // date: 2017-05-02T00:00:00
db: VULHUB // id: VHN-114244 // date: 2017-06-30T00:00:00
db: BID // id: 97388 // date: 2017-04-04T00:00:00
db: JVNDB // id: JVNDB-2017-005286 // date: 2017-07-25T00:00:00
db: NVD // id: CVE-2017-6041 // date: 2017-06-30T03:29:00.563
db: CNNVD // id: CNNVD-201704-318 // date: 2017-04-24T00:00:00