MidnightBSD

Advisories for marel

CVE-2016-9358 HIGH

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-259, CWE-798

Products Affected

Vendor Product Version
marel v36_firmware -
marel v36b_firmware -
marel a325_firmware -
marel a320_firmware -
marel a371_firmware -
marel ipm3_dual_cam_firmware 132
marel a542_firmware -
marel a520_master_firmware -
marel check_bin_grader_firmware -
marel sensorx13_qc_flow_line_firmware -
marel flowlineqc_t376_firmware -
marel ipm3_dual_cam_firmware 139
marel speed_batcher_firmware -
marel t377_firmware -
marel sensorx23_qc_slave_firmware -
marel t374_firmware -
marel a530_firmware -
marel a571_firmware -
marel p520_firmware -
marel sensorx23_qc_master_firmware -
marel p574_firmware -
marel a520_slave_firmware -
marel v36c_firmware -

CVE-2017-6041 HIGH

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434

Products Affected

Vendor Product Version
marel v36_firmware -
marel v36b_firmware -
marel a325_firmware -
marel a320_firmware -
marel a371_firmware -
marel ipm3_dual_cam_firmware 132
marel a542_firmware -
marel a520_master_firmware -
marel check_bin_grader_firmware -
marel sensorx13_qc_flow_line_firmware -
marel flowlineqc_t376_firmware -
marel ipm3_dual_cam_firmware 139
marel speed_batcher_firmware -
marel t377_firmware -
marel sensorx23_qc_slave_firmware -
marel t374_firmware -
marel a530_firmware -
marel a571_firmware -
marel p520_firmware -
marel sensorx23_qc_master_firmware -
marel p574_firmware -
marel a520_slave_firmware -
marel v36c_firmware -

CVE-2017-9626 HIGH

Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284, CWE-732

Products Affected

Vendor Product Version
marel pluto1203 1.0
marel pluto2 1.0.0