CVE-2017-6041 Information

Description

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320 A325 A371 A520 Master A520 Slave A530 A542 A571 Check Bin Grader FlowlineQC T376 IPM3 Dual Cam v132 IPM3 Dual Cam v139 IPM3 Single Cam v132 P520 P574 SensorX13 QC flow line SensorX23 QC Master SensorX23 QC Slave Speed Batcher T374 T377 V36 V36B and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/97388 https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8