Marel Food Processing Systems

Tuesday, April 4, 2017 @ 04:04 PM gHale


Marel has hard coded password and unrestricted upload vulnerabilities in its food processing systems, according to a report with ICS-CERT.

As a result of the remotely exploitable vulnerability, discovered by researcher Daniel Lance, a remote attacker may be able to gain unauthorized administrative access to affected devices.

RELATED STORIES
Rockwell Fixes Stratix, ArmorStratix Hole
Wonderware Vulnerabilities Mitigated
Schneider Fixes Modicon PLC Issues
Miele Working to Fix Webserver Hole

The following Marel food processing products suffer from the issue:
• M3000 terminal associated with the following systems:
A320
A325
A371
A520 Master
A520 Slave
A530
A542
A571
Check Bin Grader
FlowlineQC T376
IPM3 Dual Cam v132
IPM3 Dual Cam v139
IPM3 Single Cam v132
P520
P574
SensorX13 QC flow line
SensorX23 QC Master
SensorX23 QC Slave
Speed Batcher
T374
T377
V36
V36B
V36C
• M3210 terminal associated with the same systems as the M3000 terminal identified above
• M3000 desktop software associated with the same systems as the M3000 terminal identified above
• MAC4 controller associated with the same systems as the M3000 terminal identified above
• SensorX23 X-ray machine
• SensorX25 X-ray machine
• MWS2 weighing system

In the hard-coded password vulnerability, the end user does not have the ability to change system passwords.

CVE-2016-9358 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The unrestricted upload of file with dangerous type vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

CVE-2017-6041 is the case number n assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The products see action mainly in the food and agriculture sectors. The products see use in the United States, Europe, South America and Asia.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could exploit the vulnerabilities.

Iceland-based Marel has not produced an update to mitigate these vulnerabilities.

ICS-CERT recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
• Ensure all unused ports are closed
• Ensure that good network design practices are followed, which include network separation and segmentation
• Use properly configured DMZs and firewalls to selectively control and monitor traffic passed between zones and systems
• Review traffic logs for anomalous network and logon activity
• Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet
• Locate control system networks and remote devices behind firewalls, and isolate them from the business network
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices



Leave a Reply

You must be logged in to post a comment.