9.8 - CVE-2017-6041

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2017-6041	First vendor Publication	2017-06-29
Vendor	Cve	Last vendor Modification	2019-10-09

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6041

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-434	Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Os	Marel A320 Firmware cpe:2.3:o:marel:a320_firmware:-:::::::*	1
Os	Marel A325 Firmware cpe:2.3:o:marel:a325_firmware:-:::::::*	1
Os	Marel A371 Firmware cpe:2.3:o:marel:a371_firmware:-:::::::*	1
Os	Marel A520 Master Firmware cpe:2.3:o:marel:a520_master_firmware:-:::::::*	1
Os	Marel A520 Slave Firmware cpe:2.3:o:marel:a520_slave_firmware:-:::::::*	1
Os	Marel A530 Firmware cpe:2.3:o:marel:a530_firmware:-:::::::*	1
Os	Marel A542 Firmware cpe:2.3:o:marel:a542_firmware:-:::::::*	1
Os	Marel A571 Firmware cpe:2.3:o:marel:a571_firmware:-:::::::*	1
Os	Marel Check Bin Grader Firmware cpe:2.3:o:marel:check_bin_grader_firmware:-:::::::*	1
Os	Marel Flowlineqc T376 Firmware cpe:2.3:o:marel:flowlineqc_t376_firmware:-:::::::*	1
Os	Marel Ipm3 Dual Cam Firmware cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:::::::* cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:::::::*	2
Os	Marel P520 Firmware cpe:2.3:o:marel:p520_firmware:-:::::::*	1
Os	Marel P574 Firmware cpe:2.3:o:marel:p574_firmware:-:::::::*	1
Os	Marel Sensorx13 Qc Flow Line Firmware cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:::::::*	1
Os	Marel Sensorx23 Qc Master Firmware cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:::::::*	1
Os	Marel Sensorx23 Qc Slave Firmware cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:::::::*	1
Os	Marel Speed Batcher Firmware cpe:2.3:o:marel:speed_batcher_firmware:-:::::::*	1
Os	Marel T374 Firmware cpe:2.3:o:marel:t374_firmware:-:::::::*	1
Os	Marel T377 Firmware cpe:2.3:o:marel:t377_firmware:-:::::::*	1
Os	Marel V36 Firmware cpe:2.3:o:marel:v36_firmware:-:::::::*	1
Os	Marel V36B Firmware cpe:2.3:o:marel:v36b_firmware:-:::::::*	1
Os	Marel V36C Firmware cpe:2.3:o:marel:v36c_firmware:-:::::::*	1

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/97388
MISC	https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-05-23 01:03:05	Multiple Updates
2019-10-10 05:20:02	Multiple Updates
2017-07-07 21:23:11	Multiple Updates
2017-07-01 09:23:58	Multiple Updates
2017-06-30 09:22:47	First insertion

9.8 - CVE-2017-6041

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU