Marel Food Processing Systems Security Bypass and Arbitrary File Upload Vulnerabilities

Marel Food Processing Systems are prone to following security vulnerabilities:

1. A security-bypass vulnerability.
2. An arbitrary file-upload vulnerability.

Attackers can exploit these issues to upload arbitrary files and gain unauthorized administrative access to the affected devices.

The following products are vulnerable:

SensorX23 X-ray machine
SensorX25 X-ray machine
MWS2 weighing system
M3000 terminal, M3210 terminal , M3000 desktop software, and MAC4 controller associated with the following systems:

A320
A325
A371
A520 Master
A520 Slave
A530
A542
A571
Check Bin Grader
FlowlineQC T376
IPM3 Dual Cam v132
IPM3 Dual Cam v139
IPM3 Single Cam v132
P520
P574
SensorX13 QC flow line
SensorX23 QC Master
SensorX23 QC Slave
Speed Batcher
T374
T377
V36
V36B
V36C

Information

Bugtraq ID: 97388
Class: Design Error
CVE: CVE-2017-6041
CVE-2016-9358

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Daniel Lance
Vulnerable: Marel SensorX25 X-ray Machine 0
Marel SensorX23 X-ray Machine 0
Marel MWS2 Weighing System 0
Marel MAC4 Controller 0
Marel M3210 Terminal 0
Marel M3000 Terminal 0

Not Vulnerable:

References:

• Marel Homepage (Marel)
  
• ICSA-17-094-02 Marel Food Processing Systems (CERT)
  

Source: www.securityfocus.com