CVE-2017-6041

Severity CVSS v4.0:

Pending analysis

Type:

CWE-434 Unrestricted Upload of File with Dangerous Type

Publication date:

30/06/2017

Last modified:

20/04/2025

Description

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

9.80

Severity 3.x

CRITICAL

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

7.50

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:marel:a320_firmware:-:::::::*
cpe:2.3:h:marel:a320:-:::::::*
cpe:2.3:o:marel:a325_firmware:-:::::::*
cpe:2.3:h:marel:a325:-:::::::*
cpe:2.3:o:marel:a371_firmware:-:::::::*
cpe:2.3:h:marel:a371:-:::::::*
cpe:2.3:o:marel:a520_master_firmware:-:::::::*
cpe:2.3:h:marel:a520_master:-:::::::*
cpe:2.3:o:marel:a520_slave_firmware:-:::::::*
cpe:2.3:h:marel:a520_slave:-:::::::*
cpe:2.3:o:marel:a530_firmware:-:::::::*
cpe:2.3:h:marel:a530:-:::::::*
cpe:2.3:o:marel:a542_firmware:-:::::::*
cpe:2.3:h:marel:a542:-:::::::*
cpe:2.3:o:marel:a571_firmware:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:marel:a320_firmware:-:::::::*
cpe:2.3:h:marel:a320:-:::::::*
cpe:2.3:o:marel:a325_firmware:-:::::::*
cpe:2.3:h:marel:a325:-:::::::*
cpe:2.3:o:marel:a371_firmware:-:::::::*
cpe:2.3:h:marel:a371:-:::::::*
cpe:2.3:o:marel:a520_master_firmware:-:::::::*
cpe:2.3:h:marel:a520_master:-:::::::*
cpe:2.3:o:marel:a520_slave_firmware:-:::::::*
cpe:2.3:h:marel:a520_slave:-:::::::*
cpe:2.3:o:marel:a530_firmware:-:::::::*
cpe:2.3:h:marel:a530:-:::::::*
cpe:2.3:o:marel:a542_firmware:-:::::::*
cpe:2.3:h:marel:a542:-:::::::*
cpe:2.3:o:marel:a571_firmware:-:::::::*

CVE-2017-6041

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools