Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-9358 (GCVE-0-2016-9358)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-06 02:50
VLAI
EPSS
Summary
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97388 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Marel Food Processing Systems |
Affected:
Marel Food Processing Systems
|
Date Public
2017-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Marel Food Processing Systems",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Marel Food Processing Systems"
}
]
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "97388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marel Food Processing Systems",
"version": {
"version_data": [
{
"version_value": "Marel Food Processing Systems"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97388"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9358",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2016-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:37.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-9358",
"date": "2026-05-28",
"epss": "0.00545",
"percentile": "0.68036"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93191ACD-DF7E-4EE1-9396-5F87BE4BB414\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A569889-0558-4788-9243-6AF94F211CE0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BB917C8-69E5-4225-8CBF-B64F559B1227\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a325:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B6F958A-27ED-4BD7-B9BE-1E7CF12AE858\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11916717-347F-418A-9222-8D7A69836B39\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a371:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"130F7106-6439-4A7F-BF38-31669FEE3402\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BBE36F1-1D3E-4C30-8017-623EB45F413B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a520_master:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9B7F2B3-990A-4B13-BB55-10CFF2438B5D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F635EC13-DD73-4198-8A06-20CB7520B937\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a520_slave:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45DB8E00-26BC-48D3-8F89-2396A112C6D3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E734B17C-E7C8-48B1-8240-825C3AEC41B3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a530:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6EDAD0F-E50F-460C-B572-1CB72285DACB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7CBE310-04B6-4844-B5F7-180CA5DF524F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a542:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF3DF08D-46C7-4540-AC8A-1E14727DBEB4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"797CFA0D-60DF-4749-B1C6-FADA0D9FCC2D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:a571:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D332991E-5CCE-44C0-A438-B7209E373304\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2802D79A-DE9F-4CA0-9517-953337827DD0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:check_bin_grader:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48058F05-3E5F-4FC8-9B42-8ADB88D86762\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8421719-5050-49CF-8FBD-566F0359DE36\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:flowlineqc_t376:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F06F792-297C-447A-8E11-CDB4EEE1B158\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB7CB690-FEE4-480E-A1B4-9503D5099945\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C816AF7E-3FDC-46D8-AEBC-75C3B4600653\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8513725-09B4-43F5-9685-32839B7809FB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C816AF7E-3FDC-46D8-AEBC-75C3B4600653\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB7CB690-FEE4-480E-A1B4-9503D5099945\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C816AF7E-3FDC-46D8-AEBC-75C3B4600653\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0AEA79E-9F9D-4098-B3F7-876913CBDC8C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:p520:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"384ED7B9-4B83-4E72-A48E-8A67E2A29C9C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"212EC3DC-4868-4E1E-AD35-93BDD1EF1297\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:p574:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E4A4869-50BE-4E9D-99B7-535CF1329778\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78C1496A-69B1-48DC-904A-CD44F0ACE5A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:sensorx13_qc_flow_line:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DD15EDF-EE4F-4248-B43F-331598FBE5D8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3FCCB05-25F5-4C20-96D9-0907320FCAD0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:sensorx23_qc_master:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26D24ACE-8639-4FAC-A53D-A483EA98B256\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F46DC1-2487-4B62-97E7-EDE1F28EEA74\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:sensorx23_qc_slave:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"663A11BB-6596-43CF-BCC3-C424F2E9305F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68C8ADA0-0247-4222-835A-C1105DCF0C34\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:speed_batcher:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B164735A-B2DC-4FC6-BB49-A1564BB29BDA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39E32E5B-278B-4A99-98D0-63C703997DF5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:t374:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3DEFFF4-6619-4738-9D63-356224CD96A1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B3C440B-6167-471A-9E74-218023AFC823\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:t377:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41FCBD6D-D9A3-498B-93F5-6952747669B2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DB75BCF-DCA2-48D8-BD29-0878ABE2E015\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:v36:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AB6A6F0-3ACA-4772-BE2E-8A2E5C50CA0C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C28936CB-D8D2-4B54-B54B-50E541F620EE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:v36b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"726488AE-F14A-4C95-8CBE-BFC3CB9D2081\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8120591B-772A-45EB-9B28-A4AC58A270F5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:marel:v36c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"806F5060-EAD6-48DF-829E-118C87F724C2\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema de contrase\\u00f1as codificadas en el terminal M3000 de Marel Food Processing Systems asociado con los siguientes sistemas: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual V139 , IPM3 Single Cam v132, P520, P574, l\\u00ednea de flujo SensorX13 QC, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B y V36C; Terminal M3210 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; Software de escritorio M3000 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; Controlador MAC4 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; SensorX23 M\\u00e1quina de rayos X; SensorX25 M\\u00e1quina de rayos X; y el sistema de pesaje MWS2. El usuario final no tiene la capacidad de cambiar contrase\\u00f1as del sistema.\"}]",
"id": "CVE-2016-9358",
"lastModified": "2024-11-21T03:01:00.913",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-06-30T03:29:00.187",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/97388\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/97388\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-259\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-9358\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-06-30T03:29:00.187\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema de contrase\u00f1as codificadas en el terminal M3000 de Marel Food Processing Systems asociado con los siguientes sistemas: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual V139 , IPM3 Single Cam v132, P520, P574, l\u00ednea de flujo SensorX13 QC, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B y V36C; Terminal M3210 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; Software de escritorio M3000 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; Controlador MAC4 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; SensorX23 M\u00e1quina de rayos X; SensorX25 M\u00e1quina de rayos X; y el sistema de pesaje MWS2. El usuario final no tiene la capacidad de cambiar contrase\u00f1as del sistema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-259\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93191ACD-DF7E-4EE1-9396-5F87BE4BB414\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A569889-0558-4788-9243-6AF94F211CE0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB917C8-69E5-4225-8CBF-B64F559B1227\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a325:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B6F958A-27ED-4BD7-B9BE-1E7CF12AE858\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11916717-347F-418A-9222-8D7A69836B39\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a371:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"130F7106-6439-4A7F-BF38-31669FEE3402\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBE36F1-1D3E-4C30-8017-623EB45F413B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a520_master:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9B7F2B3-990A-4B13-BB55-10CFF2438B5D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F635EC13-DD73-4198-8A06-20CB7520B937\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a520_slave:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45DB8E00-26BC-48D3-8F89-2396A112C6D3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E734B17C-E7C8-48B1-8240-825C3AEC41B3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a530:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6EDAD0F-E50F-460C-B572-1CB72285DACB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7CBE310-04B6-4844-B5F7-180CA5DF524F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a542:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF3DF08D-46C7-4540-AC8A-1E14727DBEB4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797CFA0D-60DF-4749-B1C6-FADA0D9FCC2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:a571:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D332991E-5CCE-44C0-A438-B7209E373304\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2802D79A-DE9F-4CA0-9517-953337827DD0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:check_bin_grader:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48058F05-3E5F-4FC8-9B42-8ADB88D86762\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8421719-5050-49CF-8FBD-566F0359DE36\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:flowlineqc_t376:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F06F792-297C-447A-8E11-CDB4EEE1B158\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB7CB690-FEE4-480E-A1B4-9503D5099945\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C816AF7E-3FDC-46D8-AEBC-75C3B4600653\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8513725-09B4-43F5-9685-32839B7809FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C816AF7E-3FDC-46D8-AEBC-75C3B4600653\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB7CB690-FEE4-480E-A1B4-9503D5099945\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C816AF7E-3FDC-46D8-AEBC-75C3B4600653\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AEA79E-9F9D-4098-B3F7-876913CBDC8C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:p520:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"384ED7B9-4B83-4E72-A48E-8A67E2A29C9C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"212EC3DC-4868-4E1E-AD35-93BDD1EF1297\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:p574:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E4A4869-50BE-4E9D-99B7-535CF1329778\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78C1496A-69B1-48DC-904A-CD44F0ACE5A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:sensorx13_qc_flow_line:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DD15EDF-EE4F-4248-B43F-331598FBE5D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3FCCB05-25F5-4C20-96D9-0907320FCAD0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:sensorx23_qc_master:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26D24ACE-8639-4FAC-A53D-A483EA98B256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F46DC1-2487-4B62-97E7-EDE1F28EEA74\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:sensorx23_qc_slave:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"663A11BB-6596-43CF-BCC3-C424F2E9305F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C8ADA0-0247-4222-835A-C1105DCF0C34\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:speed_batcher:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B164735A-B2DC-4FC6-BB49-A1564BB29BDA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39E32E5B-278B-4A99-98D0-63C703997DF5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:t374:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3DEFFF4-6619-4738-9D63-356224CD96A1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B3C440B-6167-471A-9E74-218023AFC823\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:t377:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41FCBD6D-D9A3-498B-93F5-6952747669B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DB75BCF-DCA2-48D8-BD29-0878ABE2E015\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:v36:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AB6A6F0-3ACA-4772-BE2E-8A2E5C50CA0C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C28936CB-D8D2-4B54-B54B-50E541F620EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:v36b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"726488AE-F14A-4C95-8CBE-BFC3CB9D2081\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8120591B-772A-45EB-9B28-A4AC58A270F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:marel:v36c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"806F5060-EAD6-48DF-829E-118C87F724C2\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97388\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/97388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CNVD-2017-05478
Vulnerability from cnvd - Published: 2017-04-27
VLAI
Title
多款Marel产品安全绕过漏洞
Description
Marel SensorX25 X-ray Machine等都是冰岛Marel公司的应用于医疗行业的提供各种医学检测的产品。
多款Marel产品中存在安全绕过漏洞,该漏洞源于程序使用硬编码证书。远程攻击者可利用该漏洞未授权访问受影响的设备。
Severity
高
Formal description
目前没有详细的解决方案提供: http://marel.com/
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02
Impacted products
| Name | ['Marel SensorX25 X-ray Machine', 'Marel SensorX23 X-ray machine', 'Marel MWS2 Weighing System', 'Marel MAC4 Controller', 'Marel M3210 Termina', 'Marel M3000 Termina'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "97388"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-9358",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9358"
}
},
"description": "Marel SensorX25 X-ray Machine\u7b49\u90fd\u662f\u51b0\u5c9bMarel\u516c\u53f8\u7684\u5e94\u7528\u4e8e\u533b\u7597\u884c\u4e1a\u7684\u63d0\u4f9b\u5404\u79cd\u533b\u5b66\u68c0\u6d4b\u7684\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eMarel\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u786c\u7f16\u7801\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u3002",
"discovererName": "Daniel Lance",
"formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://marel.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-05478",
"openTime": "2017-04-27",
"products": {
"product": [
"Marel SensorX25 X-ray Machine",
"Marel SensorX23 X-ray machine",
"Marel MWS2 Weighing System",
"Marel MAC4 Controller",
"Marel M3210 Termina",
"Marel M3000 Termina"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02",
"serverity": "\u9ad8",
"submitTime": "2017-04-13",
"title": "\u591a\u6b3eMarel\u4ea7\u54c1\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
FKIE_CVE-2016-9358
Vulnerability from fkie_nvd - Published: 2017-06-30 03:29 - Updated: 2026-05-13 00:24
Severity
Summary
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/97388 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97388 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93191ACD-DF7E-4EE1-9396-5F87BE4BB414",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A569889-0558-4788-9243-6AF94F211CE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB917C8-69E5-4225-8CBF-B64F559B1227",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6F958A-27ED-4BD7-B9BE-1E7CF12AE858",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11916717-347F-418A-9222-8D7A69836B39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a371:-:*:*:*:*:*:*:*",
"matchCriteriaId": "130F7106-6439-4A7F-BF38-31669FEE3402",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBE36F1-1D3E-4C30-8017-623EB45F413B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a520_master:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B7F2B3-990A-4B13-BB55-10CFF2438B5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F635EC13-DD73-4198-8A06-20CB7520B937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a520_slave:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45DB8E00-26BC-48D3-8F89-2396A112C6D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E734B17C-E7C8-48B1-8240-825C3AEC41B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EDAD0F-E50F-460C-B572-1CB72285DACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBE310-04B6-4844-B5F7-180CA5DF524F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a542:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3DF08D-46C7-4540-AC8A-1E14727DBEB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "797CFA0D-60DF-4749-B1C6-FADA0D9FCC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:a571:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D332991E-5CCE-44C0-A438-B7209E373304",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2802D79A-DE9F-4CA0-9517-953337827DD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:check_bin_grader:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48058F05-3E5F-4FC8-9B42-8ADB88D86762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8421719-5050-49CF-8FBD-566F0359DE36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:flowlineqc_t376:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F06F792-297C-447A-8E11-CDB4EEE1B158",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7CB690-FEE4-480E-A1B4-9503D5099945",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*",
"matchCriteriaId": "B8513725-09B4-43F5-9685-32839B7809FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7CB690-FEE4-480E-A1B4-9503D5099945",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C816AF7E-3FDC-46D8-AEBC-75C3B4600653",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AEA79E-9F9D-4098-B3F7-876913CBDC8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:p520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "384ED7B9-4B83-4E72-A48E-8A67E2A29C9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212EC3DC-4868-4E1E-AD35-93BDD1EF1297",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:p574:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4A4869-50BE-4E9D-99B7-535CF1329778",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78C1496A-69B1-48DC-904A-CD44F0ACE5A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:sensorx13_qc_flow_line:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD15EDF-EE4F-4248-B43F-331598FBE5D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FCCB05-25F5-4C20-96D9-0907320FCAD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:sensorx23_qc_master:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26D24ACE-8639-4FAC-A53D-A483EA98B256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58F46DC1-2487-4B62-97E7-EDE1F28EEA74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:sensorx23_qc_slave:-:*:*:*:*:*:*:*",
"matchCriteriaId": "663A11BB-6596-43CF-BCC3-C424F2E9305F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68C8ADA0-0247-4222-835A-C1105DCF0C34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:speed_batcher:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B164735A-B2DC-4FC6-BB49-A1564BB29BDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E32E5B-278B-4A99-98D0-63C703997DF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:t374:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DEFFF4-6619-4738-9D63-356224CD96A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3C440B-6167-471A-9E74-218023AFC823",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:t377:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41FCBD6D-D9A3-498B-93F5-6952747669B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB75BCF-DCA2-48D8-BD29-0878ABE2E015",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:v36:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB6A6F0-3ACA-4772-BE2E-8A2E5C50CA0C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C28936CB-D8D2-4B54-B54B-50E541F620EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:v36b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "726488AE-F14A-4C95-8CBE-BFC3CB9D2081",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8120591B-772A-45EB-9B28-A4AC58A270F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:marel:v36c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "806F5060-EAD6-48DF-829E-118C87F724C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de contrase\u00f1as codificadas en el terminal M3000 de Marel Food Processing Systems asociado con los siguientes sistemas: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual V139 , IPM3 Single Cam v132, P520, P574, l\u00ednea de flujo SensorX13 QC, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B y V36C; Terminal M3210 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; Software de escritorio M3000 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; Controlador MAC4 asociado a los mismos sistemas que el terminal M3000 identificado anteriormente; SensorX23 M\u00e1quina de rayos X; SensorX25 M\u00e1quina de rayos X; y el sistema de pesaje MWS2. El usuario final no tiene la capacidad de cambiar contrase\u00f1as del sistema."
}
],
"id": "CVE-2016-9358",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-30T03:29:00.187",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97388"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-259"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XG2Q-C9M7-C58F
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2016-9358"
],
"database_specific": {
"cwe_ids": [
"CWE-259",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-30T03:29:00Z",
"severity": "CRITICAL"
},
"details": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.",
"id": "GHSA-xg2q-c9m7-c58f",
"modified": "2022-05-13T01:38:33Z",
"published": "2022-05-13T01:38:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9358"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97388"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-9358
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-9358",
"description": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.",
"id": "GSD-2016-9358"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-9358"
],
"details": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.",
"id": "GSD-2016-9358",
"modified": "2023-12-13T01:21:21.807934Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marel Food Processing Systems",
"version": {
"version_data": [
{
"version_value": "Marel Food Processing Systems"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97388"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a325:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a371:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a520_master:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a520_slave:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a530:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a542:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a571:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:check_bin_grader:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:flowlineqc_t376:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:p520:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:p574:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:sensorx13_qc_flow_line:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:sensorx23_qc_master:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:sensorx23_qc_slave:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:speed_batcher:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:t374:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:t377:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:v36:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:v36b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:v36c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9358"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02"
},
{
"name": "97388",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97388"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:20Z",
"publishedDate": "2017-06-30T03:29Z"
}
}
}
ICSA-17-094-02B
Vulnerability from csaf_cisa - Published: 2017-04-04 00:00 - Updated: 2017-10-12 00:00Summary
Marel Food Processing Systems (Update B)
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: ATTENTION: Remotely exploitable/low skill level to exploit.
Countries/areas deployed: United States, Europe, South America, and Asia
Company headquarters location: Iceland
Recommended Practices: ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Recommended Practices: Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Graders using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Portioning Machines using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Flowline systems using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Packing systems using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SensorX machines using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Target Batchers using M3000 terminal, and
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SpeedBatchers using M3000 terminal
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Graders using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Portioning Machines using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Flowline systems using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Packing systems using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SensorX machines using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Target Batchers using Pluto platform, and
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SpeedBatchers using Pluto platform
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
9.8 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Graders using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Portioning Machines using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Flowline systems using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Packing systems using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SensorX machines using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Target Batchers using M3000 terminal, and
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SpeedBatchers using M3000 terminal
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Graders using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Portioning Machines using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Flowline systems using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Packing systems using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SensorX machines using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Target Batchers using Pluto platform, and
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SpeedBatchers using Pluto platform
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
9.8 (Critical)
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Graders using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Portioning Machines using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Flowline systems using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Packing systems using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SensorX machines using M3000 terminal,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Target Batchers using M3000 terminal, and
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SpeedBatchers using M3000 terminal
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Graders using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Portioning Machines using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Flowline systems using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Packing systems using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SensorX machines using Pluto platform,
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Target Batchers using Pluto platform, and
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
SpeedBatchers using Pluto platform
Marel / Food Processing Systems
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
References
6 references
Acknowledgments
Daniel Lance
{
"document": {
"acknowledgments": [
{
"names": [
"Daniel Lance"
],
"summary": "reporting these vulnerabilities to ICS-CERT"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "United States, Europe, South America, and Asia",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Iceland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-17-094-02B JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-094-02b.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-17-094-02B Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-02b"
}
],
"title": "Marel Food Processing Systems (Update B)",
"tracking": {
"current_release_date": "2017-10-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-17-094-02B",
"initial_release_date": "2017-04-04T00:00:00.000000Z",
"revision_history": [
{
"date": "2017-04-04T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-17-094-02 Marel Food Processing Systems"
},
{
"date": "2017-08-17T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-17-094-02A Marel Food Processing Systems (Update A)"
},
{
"date": "2017-10-12T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-17-094-02B Marel Food Processing Systems (Update B)"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Graders using M3000 terminal,",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Portioning Machines using M3000 terminal,",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Flowline systems using M3000 terminal,",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Packing systems using M3000 terminal,",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SensorX machines using M3000 terminal,",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Target Batchers using M3000 terminal, and",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SpeedBatchers using M3000 terminal",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Graders using Pluto platform,",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Portioning Machines using Pluto platform,",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Flowline systems using Pluto platform,",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Packing systems using Pluto platform,",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SensorX machines using Pluto platform,",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Target Batchers using Pluto platform, and",
"product_id": "CSAFPID-00013"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SpeedBatchers using Pluto platform",
"product_id": "CSAFPID-00014"
}
}
],
"category": "product_name",
"name": "Food Processing Systems"
}
],
"category": "vendor",
"name": "Marel"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9358",
"cwe": {
"id": "CWE-259",
"name": "Use of Hard-coded Password"
},
"notes": [
{
"category": "summary",
"text": "The end user does not have the ability to change system passwords.CVE-2016-9358 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9358"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Marel has released a firewall update for the Pluto platform having version names Pluto1203 and Pluto2. Pluto2, Version 1.0.0-gaf7c5e5-pluto2, and Pluto1203, Version 1.0-0marel0.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "These updates will restrict remote access by implementing SSH authentication.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "Marel has created an update for Pluto-based applications, which was scheduled for release in October, 2017. This update will restrict remote access by implementing SSH authentication.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "Marel reports that all M3000 terminal based products were at end-of-life in July 2012, and, thus, will not release product fixes to address the identified vulnerabilities. Marel recommends that users upgrade these end-of-life systems.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
}
]
},
{
"cve": "CVE-2017-6041",
"cwe": {
"id": "CWE-434",
"name": "Unrestricted Upload of File with Dangerous Type"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.CVE-2017-6041 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6041"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Marel has released a firewall update for the Pluto platform having version names Pluto1203 and Pluto2. Pluto2, Version 1.0.0-gaf7c5e5-pluto2, and Pluto1203, Version 1.0-0marel0.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "These updates will restrict remote access by implementing SSH authentication.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "Marel has created an update for Pluto-based applications, which was scheduled for release in October, 2017. This update will restrict remote access by implementing SSH authentication.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "Marel reports that all M3000 terminal based products were at end-of-life in July 2012, and, thus, will not release product fixes to address the identified vulnerabilities. Marel recommends that users upgrade these end-of-life systems.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
}
]
},
{
"cve": "CVE-2017-9626",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "The affected systems using the Pluto platform do not restrict remote access.CVE-2017-9626 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9626"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Marel has released a firewall update for the Pluto platform having version names Pluto1203 and Pluto2. Pluto2, Version 1.0.0-gaf7c5e5-pluto2, and Pluto1203, Version 1.0-0marel0.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "These updates will restrict remote access by implementing SSH authentication.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "Marel has created an update for Pluto-based applications, which was scheduled for release in October, 2017. This update will restrict remote access by implementing SSH authentication.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
},
{
"category": "mitigation",
"details": "Marel reports that all M3000 terminal based products were at end-of-life in July 2012, and, thus, will not release product fixes to address the identified vulnerabilities. Marel recommends that users upgrade these end-of-life systems.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014"
]
}
]
}
]
}
VAR-201706-0364
Vulnerability from variot - Updated: 2023-12-18 12:43A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords. plural Marel Food Processing System The product firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MarelSensorX25X-rayMachine and others are products of the medical industry of Iceland Marel that provide various medical tests. A security bypass vulnerability exists in several Marel products that originated from the use of hard-coded certificates by programs. A remote attacker could exploit the vulnerability to gain unauthorized access to the affected device. Marel Food Processing Systems are prone to following security vulnerabilities: 1. A security-bypass vulnerability. 2. An arbitrary file-upload vulnerability. Marel SensorX25 X-ray Machine, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0364",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a542",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "check bin grader",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "a530",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "a325",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "a520 master",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "flowlineqc t376",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "a520 slave",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "a571",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "a371",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "a320",
"scope": "eq",
"trust": 1.6,
"vendor": "marel",
"version": null
},
{
"model": "ipm3 dual cam",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": "139"
},
{
"model": "ipm3 dual cam",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": "132"
},
{
"model": "p520",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "sensorx13 qc flow line",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "sensorx23 qc slave",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "t374",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "t377",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "sensorx23 qc master",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "v36c",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "v36",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "v36b",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "p574",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "speed batcher",
"scope": "eq",
"trust": 1.0,
"vendor": "marel",
"version": null
},
{
"model": "a320",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "a325",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "a371",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "a520 master",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "a520 slave",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "a530",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "a542",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "a571",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "check bin grader",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "flowlineqc t376",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "ipm3 dual cam",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "ipm3 single cam",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "p520",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "p574",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "sensorx13 qc flow line",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "sensorx23 qc master",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "sensorx23 qc slave",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "speed batcher",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "t374",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "t377",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "v36",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "v36b",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "v36c",
"scope": null,
"trust": 0.8,
"vendor": "marel",
"version": null
},
{
"model": "sensorx25 x-ray machine",
"scope": null,
"trust": 0.6,
"vendor": "marel",
"version": null
},
{
"model": "sensorx23 x-ray machine",
"scope": null,
"trust": 0.6,
"vendor": "marel",
"version": null
},
{
"model": "mws2 weighing system",
"scope": null,
"trust": 0.6,
"vendor": "marel",
"version": null
},
{
"model": "mac4 controller",
"scope": null,
"trust": 0.6,
"vendor": "marel",
"version": null
},
{
"model": "m3210 termina",
"scope": null,
"trust": 0.6,
"vendor": "marel",
"version": null
},
{
"model": "m3000 termina",
"scope": null,
"trust": 0.6,
"vendor": "marel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ipm3 dual cam",
"version": "132"
},
{
"model": "sensorx25 x-ray machine",
"scope": "eq",
"trust": 0.3,
"vendor": "marel",
"version": "0"
},
{
"model": "sensorx23 x-ray machine",
"scope": "eq",
"trust": 0.3,
"vendor": "marel",
"version": "0"
},
{
"model": "mws2 weighing system",
"scope": "eq",
"trust": 0.3,
"vendor": "marel",
"version": "0"
},
{
"model": "mac4 controller",
"scope": "eq",
"trust": 0.3,
"vendor": "marel",
"version": "0"
},
{
"model": "m3210 terminal",
"scope": "eq",
"trust": 0.3,
"vendor": "marel",
"version": "0"
},
{
"model": "m3000 terminal",
"scope": "eq",
"trust": 0.3,
"vendor": "marel",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a320",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "flowlineqc t376",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ipm3 dual cam",
"version": "139"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "p520",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "p574",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sensorx13 qc flow line",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sensorx23 qc master",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sensorx23 qc slave",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "speed batcher",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a325",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "t374",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "t377",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v36",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v36b",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "v36c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a371",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a520 master",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a520 slave",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a530",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a542",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "a571",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "check bin grader",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"db": "BID",
"id": "97388"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a325:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a371:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a520_master:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a520_slave:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a530:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a542:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:a571:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:check_bin_grader:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:flowlineqc_t376:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:ipm3_dual_cam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:p520:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:p574:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:sensorx13_qc_flow_line:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:sensorx23_qc_master:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:sensorx23_qc_slave:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:speed_batcher:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:t374:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:t377:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:v36:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:v36b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marel:v36c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Lance",
"sources": [
{
"db": "BID",
"id": "97388"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-9358",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-05478",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b9677194-118b-4e66-8512-f5dc8b758b86",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-98178",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9358",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9358",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-05478",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-557",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-98178",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-9358",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"db": "VULHUB",
"id": "VHN-98178"
},
{
"db": "VULMON",
"id": "CVE-2016-9358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords. plural Marel Food Processing System The product firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MarelSensorX25X-rayMachine and others are products of the medical industry of Iceland Marel that provide various medical tests. A security bypass vulnerability exists in several Marel products that originated from the use of hard-coded certificates by programs. A remote attacker could exploit the vulnerability to gain unauthorized access to the affected device. Marel Food Processing Systems are prone to following security vulnerabilities:\n1. A security-bypass vulnerability. \n2. An arbitrary file-upload vulnerability. Marel SensorX25 X-ray Machine, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"db": "BID",
"id": "97388"
},
{
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"db": "VULHUB",
"id": "VHN-98178"
},
{
"db": "VULMON",
"id": "CVE-2016-9358"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9358",
"trust": 3.7
},
{
"db": "BID",
"id": "97388",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-094-02",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-094-02B",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-05478",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-557",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743",
"trust": 0.8
},
{
"db": "IVD",
"id": "B9677194-118B-4E66-8512-F5DC8B758B86",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-98178",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-9358",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"db": "VULHUB",
"id": "VHN-98178"
},
{
"db": "VULMON",
"id": "CVE-2016-9358"
},
{
"db": "BID",
"id": "97388"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
]
},
"id": "VAR-201706-0364",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"db": "VULHUB",
"id": "VHN-98178"
}
],
"trust": 1.7888888666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"db": "CNVD",
"id": "CNVD-2017-05478"
}
]
},
"last_update_date": "2023-12-18T12:43:36.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://marel.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98178"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"db": "NVD",
"id": "CVE-2016-9358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-02"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/97388"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-02b"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9358"
},
{
"trust": 0.3,
"url": "http://marel.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-02 "
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"db": "VULHUB",
"id": "VHN-98178"
},
{
"db": "VULMON",
"id": "CVE-2016-9358"
},
{
"db": "BID",
"id": "97388"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"db": "VULHUB",
"id": "VHN-98178"
},
{
"db": "VULMON",
"id": "CVE-2016-9358"
},
{
"db": "BID",
"id": "97388"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "IVD",
"id": "b9677194-118b-4e66-8512-f5dc8b758b86"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-98178"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-9358"
},
{
"date": "2017-04-04T00:00:00",
"db": "BID",
"id": "97388"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"date": "2017-06-30T03:29:00.187000",
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05478"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-98178"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-9358"
},
{
"date": "2017-04-11T00:02:00",
"db": "BID",
"id": "97388"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008743"
},
{
"date": "2019-10-09T23:20:25.397000",
"db": "NVD",
"id": "CVE-2016-9358"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Marel Food Processing System Vulnerabilities related to the use of hard-coded credentials in product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008743"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-557"
}
],
"trust": 0.6
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…