BDU:2017-02111

Published: 04 Apr 2017
Source: fstec
CVSS2: 10
EPSS: Low

Description

A vulnerability in the authorization service of the M3000 Terminal and M3210 Terminal, the M3000 Desktop software, the MAC4 Controller, the SensorX23 X-ray Machine and SensorX25 X-ray Machine, and the MWS2 Weighing System is caused by the use of unchangeable preset system accounts. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized administrator access to the affected devices.

Vendor

Marel Food Processing Systems

Software name

M3000 Terminal
M3210 Terminal
M3000 Desktop
MAC4 Controller
SensorX23 X-ray machine
SensorX25 X-ray machine
MWS2 Weighing System

Software version

A320 (M3000 Terminal)
A325 (M3000 Terminal)
A371 (M3000 Terminal)
A520 Master (M3000 Terminal)
A520 Slave (M3000 Terminal)
A530 (M3000 Terminal)
A542 (M3000 Terminal)
A571 (M3000 Terminal)
Check Bin Grader (M3000 Terminal)
FlowlineQC T376 (M3000 Terminal)
IPM3 Dual Cam v132 (M3000 Terminal)
IPM3 Dual Cam v139 (M3000 Terminal)
IPM3 Single Cam v132 (M3000 Terminal)
P520 (M3000 Terminal)
P574 (M3000 Terminal)
SensorX13 QC flow line (M3000 Terminal)
SensorX23 QC Master (M3000 Terminal)
SensorX23 QC Slave (M3000 Terminal)
Speed Batcher (M3000 Terminal)
T374 (M3000 Terminal)
T377 (M3000 Terminal)
V36 (M3000 Terminal)
V36B (M3000 Terminal)
V36C (M3000 Terminal)
A320 (M3210 Terminal)
A325 (M3210 Terminal)
A371 (M3210 Terminal)
A520 Master (M3210 Terminal)
A520 Slave (M3210 Terminal)
A530 (M3210 Terminal)
A542 (M3210 Terminal)
A571 (M3210 Terminal)
Check Bin Grader (M3210 Terminal)
FlowlineQC T376 (M3210 Terminal)
IPM3 Dual Cam v132 (M3210 Terminal)
IPM3 Dual Cam v139 (M3210 Terminal)
IPM3 Single Cam v132 (M3210 Terminal)
P520 (M3210 Terminal)
P574 (M3210 Terminal)
SensorX13 QC flow line (M3210 Terminal)
SensorX23 QC Master (M3210 Terminal)
SensorX23 QC Slave (M3210 Terminal)
Speed Batcher (M3210 Terminal)
T374 (M3210 Terminal)
T377 (M3210 Terminal)
V36 (M3210 Terminal)
V36B (M3210 Terminal)
V36C (M3210 Terminal)
A320 (M3000 Desktop)
A325 (M3000 Desktop)
A371 (M3000 Desktop)
A520 Master (M3000 Desktop)
A520 Slave (M3000 Desktop)
A530 (M3000 Desktop)
A542 (M3000 Desktop)
A571 (M3000 Desktop)
Check Bin Grader (M3000 Desktop)
FlowlineQC T376 (M3000 Desktop)
IPM3 Dual Cam v132 (M3000 Desktop)
IPM3 Dual Cam v139 (M3000 Desktop)
IPM3 Single Cam v132 (M3000 Desktop)
P520 (M3000 Desktop)
P574 (M3000 Desktop)
SensorX13 QC flow line (M3000 Desktop)
SensorX23 QC Master (M3000 Desktop)
SensorX23 QC Slave (M3000 Desktop)
Speed Batcher (M3000 Desktop)
T374 (M3000 Desktop)
T377 (M3000 Desktop)
V36 (M3000 Desktop)
V36B (M3000 Desktop)
V36C (M3000 Desktop)
A320 (MAC4 Controller)
A325 (MAC4 Controller)
A371 (MAC4 Controller)
A520 Master (MAC4 Controller)
A520 Slave (MAC4 Controller)
A530 (MAC4 Controller)
A542 (MAC4 Controller)
A571 (MAC4 Controller)
Check Bin Grader (MAC4 Controller)
FlowlineQC T376 (MAC4 Controller)
IPM3 Dual Cam v132 (MAC4 Controller)
IPM3 Dual Cam v139 (MAC4 Controller)
IPM3 Single Cam v132 (MAC4 Controller)
P520 (MAC4 Controller)
P574 (MAC4 Controller)
SensorX13 QC flow line (MAC4 Controller)
SensorX23 QC Master (MAC4 Controller)
SensorX23 QC Slave (MAC4 Controller)
Speed Batcher (MAC4 Controller)
T374 (MAC4 Controller)
T377 (MAC4 Controller)
V36 (MAC4 Controller)
V36B (MAC4 Controller)
V36C (MAC4 Controller)
- (SensorX23 X-ray machine)
- (SensorX25 X-ray machine)
- (MWS2 Weighing System)

Software type

Software of an industrial control system (ICS) hardware-software device
Software of a network hardware-software device

Operating systems and hardware platforms

-

Vulnerability severity level

Critical severity (CVSS 2.0 base score is 10)

Possible remediation measures

Apply restrictive measures to minimize the risk of exploitation of this vulnerability

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being clarified

Remediation information

No remediation information is available

Identifiers in other vulnerability description systems

EPSS

Percentile: 67%
0.00545
Low

10 Critical

CVSS2

Related vulnerabilities

CVSS3: 9.8
nvd
more than 8 years ago

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.

CVSS3: 9.8
github
more than 3 years ago

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
