9.8

CVE-2017-6041

EPSS 0.63%
Veröffentlicht 30.06.2017 03:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Marel ≫ A320 Firmware Version-

Marel ≫ A320 Version-

Marel ≫ A325 Firmware Version-

Marel ≫ A325 Version-

Marel ≫ A371 Firmware Version-

Marel ≫ A371 Version-

Marel ≫ A520 Master Firmware Version-

Marel ≫ A520 Master Version-

Marel ≫ A520 Slave Firmware Version-

Marel ≫ A520 Slave Version-

Marel ≫ A530 Firmware Version-

Marel ≫ A530 Version-

Marel ≫ A542 Firmware Version-

Marel ≫ A542 Version-

Marel ≫ A571 Firmware Version-

Marel ≫ A571 Version-

Marel ≫ Check Bin Grader Firmware Version-

Marel ≫ Check Bin Grader Version-

Marel ≫ Flowlineqc T376 Firmware Version-

Marel ≫ Flowlineqc T376 Version-

Marel ≫ Ipm3 Dual Cam Firmware Version132

Marel ≫ Ipm3 Dual Cam Version-

Marel ≫ Ipm3 Dual Cam Firmware Version139

Marel ≫ Ipm3 Dual Cam Version-

Marel ≫ Ipm3 Dual Cam Firmware Version132

Marel ≫ Ipm3 Dual Cam Version-

Marel ≫ P520 Firmware Version-

Marel ≫ P520 Version-

Marel ≫ P574 Firmware Version-

Marel ≫ P574 Version-

Marel ≫ Sensorx13 Qc Flow Line Firmware Version-

Marel ≫ Sensorx13 Qc Flow Line Version-

Marel ≫ Sensorx23 Qc Master Firmware Version-

Marel ≫ Sensorx23 Qc Master Version-

Marel ≫ Sensorx23 Qc Slave Firmware Version-

Marel ≫ Sensorx23 Qc Slave Version-

Marel ≫ Speed Batcher Firmware Version-

Marel ≫ Speed Batcher Version-

Marel ≫ T374 Firmware Version-

Marel ≫ T374 Version-

Marel ≫ T377 Firmware Version-

Marel ≫ T377 Version-

Marel ≫ V36 Firmware Version-

Marel ≫ V36 Version-

Marel ≫ V36b Firmware Version-

Marel ≫ V36b Version-

Marel ≫ V36c Firmware Version-

Marel ≫ V36c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.677

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://www.securityfocus.com/bid/97388

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-6041

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6041

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6041

EUVD