PT-2017-2831 · Marel Food Processing Systems · Mac4 Controller and 6 more
Published: 2017-04-04 · Updated: 2019-10-09
CVE-2016-9358
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Marel Food Processing Systems M3000 terminal (affected versions not specified)
Marel Food Processing Systems M3210 terminal (affected versions not specified)
Marel Food Processing Systems M3000 desktop software (affected versions not specified)
Marel Food Processing Systems MAC4 controller (affected versions not specified)
Marel Food Processing Systems SensorX23 X-ray machine (affected versions not specified)
Marel Food Processing Systems SensorX25 X-ray machine (affected versions not specified)
Marel Food Processing Systems MWS2 weighing system (affected versions not specified)
Description
A hard-coded passwords issue was discovered in various Marel Food Processing Systems products. The affected systems include terminals, desktop software, controllers, X-ray machines, and a weighing system. The end user does not have the ability to change system passwords, and exploitation of this issue may allow a remote attacker to obtain administrative access to the devices.
Recommendations
For Marel Food Processing Systems M3000 terminal, consider temporarily disabling the use of the terminal until a patch is available.
For Marel Food Processing Systems M3210 terminal, consider temporarily disabling the use of the terminal until a patch is available.
For Marel Food Processing Systems M3000 desktop software, consider restricting access to the software until a patch is available.
For Marel Food Processing Systems MAC4 controller, consider temporarily disabling the use of the controller until a patch is available.
For Marel Food Processing Systems SensorX23 X-ray machine and SensorX25 X-ray machine, consider restricting access to the machines until a patch is available.
For Marel Food Processing Systems MWS2 weighing system, consider temporarily disabling the use of the system until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Related Identifiers
Affected Products
M3000 Desktop
M3000 Terminal
M3210 Terminal
Mac4 Controller
Mws2 Weighing System
Sensorx23 X-Ray Machine
Sensorx25 X-Ray Machine