Marel has hard-coded password and unrestricted upload vulnerabilities in its food processing systems, according to an advisory published by ICS-CERT.
Both vulnerabilities are remotely exploitable and were discovered by researcher Daniel Lance; a remote attacker may be able to use them to gain unauthorized administrative access to affected devices.
The following Marel food processing products suffer from the issue:
• M3000 terminal associated with the following systems:
    Check Bin Grader
    IPM3 Dual Cam v132
    IPM3 Dual Cam v139
    IPM3 Single Cam v132
    SensorX13 QC flow line
    SensorX23 QC Master
    SensorX23 QC Slave
• M3210 terminal associated with the same systems as the M3000 terminal identified above
• M3000 desktop software associated with the same systems as the M3000 terminal identified above
• MAC4 controller associated with the same systems as the M3000 terminal identified above
• SensorX23 X-ray machine
• SensorX25 X-ray machine
• MWS2 weighing system
The hard-coded password vulnerability stems from the fact that the end user has no ability to change the system passwords.
CVE-2016-9358 has been assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The unrestricted upload of a file with a dangerous type vulnerability allows an attacker to modify the device's operation and upload firmware changes without detection.
CVE-2017-6041 has been assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The products are used mainly in the food and agriculture sectors, and are deployed in the United States, Europe, South America and Asia.
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could exploit them.
Iceland-based Marel has not produced an update to mitigate these vulnerabilities.
ICS-CERT recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
• Ensure all unused ports are closed
• Ensure that good network design practices are followed, which include network separation and segmentation
• Use properly configured DMZs and firewalls to selectively control and monitor traffic passed between zones and systems
• Review traffic logs for anomalous network and logon activity
• Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available, and that a VPN is only as secure as the devices connected to it
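A check of the kind the log-review and network-exposure items above describe, given here as an added example that is not part of ICS-CERT's advisory or of Marel's products: it reads constructed firewall connection and device-logon records and flags any allowed connection or logon that reaches a control-zone device from the business network or from outside the organization, while passing traffic that stays inside the control zone or comes from a designated jump host. The log format, zone boundaries, addresses and the jump-host list are all assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed zone layout (assumptions for this example, not from the advisory).
CONTROL_ZONE = ipaddress.ip_network("10.10.0.0/24")   # where the food-processing terminals sit
DMZ_ZONE = ipaddress.ip_network("10.30.0.0/24")
BUSINESS_ZONE = ipaddress.ip_network("10.20.0.0/16")
# Hosts outside the control zone that are permitted to reach it (e.g. an engineering jump host).
ALLOWED_SOURCES = frozenset({ipaddress.ip_address("10.30.0.5")})

# Assumed log line shapes (constructed):
#   "<timestamp> conn src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
#   "<timestamp> logon user=<name> src=<ip> dst=<ip> result=<success|failure>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>conn|logon) (?P<fields>.*)$")


@dataclass(frozen=True)
class Finding:
    timestamp: str
    kind: str
    source: str
    target: str
    reason: str


def _fields(text):
    """Turn 'k=v k=v' into a dict."""
    return dict(kv.split("=", 1) for kv in text.split())


def _source_zone(src):
    if src in CONTROL_ZONE:
        return "control"
    if src in DMZ_ZONE:
        return "dmz"
    if src in BUSINESS_ZONE:
        return "business"
    return "external"   # not in any address space we own


def classify(line):
    """Return a Finding for a record that reaches the control zone from a
    source it should not, or None for expected or irrelevant records."""
    m = LINE_RE.match(line)
    if not m:
        return None                      # malformed or unrelated record
    f = _fields(m.group("fields"))
    src = ipaddress.ip_address(f["src"])
    dst = ipaddress.ip_address(f["dst"])
    if dst not in CONTROL_ZONE:
        return None                      # only traffic toward control devices matters here
    kind = m.group("kind")
    if kind == "conn" and f.get("action") != "allow":
        return None                      # the firewall already blocked it
    zone = _source_zone(src)
    if zone == "control" or src in ALLOWED_SOURCES:
        return None                      # intra-zone traffic or the designated jump host
    if kind == "conn":
        reason = f"control device {dst} reached on port {f['dport']} from {zone} zone"
    else:
        reason = f"logon as '{f.get('user')}' to {dst} from {zone} zone ({f.get('result')})"
    return Finding(m.group("ts"), kind, str(src), str(dst), reason)


def review(lines):
    return [fi for fi in (classify(line) for line in lines) if fi is not None]


# Constructed sample records, not a real capture.
SAMPLE_LOG = [
    "2017-03-01T08:00:01Z conn src=10.10.0.20 dst=10.10.0.12 dport=502 action=allow",    # intra-zone
    "2017-03-01T08:00:05Z conn src=10.30.0.5 dst=10.10.0.12 dport=22 action=allow",      # jump host
    "2017-03-01T08:01:10Z conn src=10.20.4.8 dst=10.10.0.12 dport=80 action=allow",      # business -> control
    "2017-03-01T08:01:12Z conn src=203.0.113.7 dst=10.10.0.12 dport=80 action=deny",     # blocked
    "2017-03-01T08:02:00Z conn src=203.0.113.7 dst=10.10.0.13 dport=21 action=allow",    # external -> control
    "2017-03-01T08:02:30Z logon user=admin src=10.20.4.8 dst=10.10.0.12 result=success", # admin from business
    "2017-03-01T08:03:00Z logon user=admin src=10.30.0.5 dst=10.10.0.12 result=success", # admin from jump host
    "malformed line that should be skipped",
]

if __name__ == "__main__":
    for fi in review(SAMPLE_LOG):
        print(fi.timestamp, fi.kind, fi.reason)
```

The check deliberately treats any allowed connection into the control zone from a non-control source as a finding, whatever the port, because the advisory's concern is exposure of the devices themselves rather than any one service; the jump-host allow-list is the only exception, and it is where a site would enumerate its approved remote-access path.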