PT-2017-16855 · Marel Food Processing Systems · V36+30
Published: 2017-06-30 · Updated: 2019-10-09 · CVE-2017-6041
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Marel Food Processing Systems M3000 terminal
Marel Food Processing Systems M3210 terminal
Marel Food Processing Systems M3000 desktop software
Marel Food Processing Systems MAC4 controller
Marel Food Processing Systems SensorX23 X-ray machine
Marel Food Processing Systems SensorX25 X-ray machine
Marel Food Processing Systems MWS2 weighing system
Description
An Unrestricted Upload issue was discovered, allowing an attacker to modify the operation and upload firmware changes without detection. This issue affects various systems, including A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C.
Recommendations
For Marel Food Processing Systems M3000 terminal, consider restricting access to firmware upload functionality until a patch is available.
For Marel Food Processing Systems M3210 terminal, consider restricting access to firmware upload functionality until a patch is available.
For Marel Food Processing Systems M3000 desktop software, consider restricting access to firmware upload functionality until a patch is available.
For Marel Food Processing Systems MAC4 controller, consider restricting access to firmware upload functionality until a patch is available.
For Marel Food Processing Systems SensorX23 X-ray machine, consider restricting access to firmware upload functionality until a patch is available.
For Marel Food Processing Systems SensorX25 X-ray machine, consider restricting access to firmware upload functionality until a patch is available.
For Marel Food Processing Systems MWS2 weighing system, consider restricting access to firmware upload functionality until a patch is available.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
A320
A325
A371
A520 Master
A520 Slave
A530
A542
A571
Check Bin Grader
FlowlineQC T376
IPM3 Dual Cam v132
IPM3 Dual Cam v139
IPM3 Single Cam v132
M3000 Desktop
M3000 Terminal
M3210 Terminal
MAC4 Controller
MWS2 Weighing System
P520
P574
SensorX13 QC Flow Line
SensorX23 QC Master
SensorX23 QC Slave
SensorX23 X-Ray Machine
SensorX25 X-Ray Machine
Speed Batcher
T374
T377
V36
V36B
V36C