Critical severity9.8NVD Advisory· Published Jun 30, 2017· Updated May 13, 2026

CVE-2017-6041

Description

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.

Affected products

Maru/A320 Firmware
cpe:2.3:o:marel:a320_firmware:-:*:*:*:*:*:*:*
Maru/A325 Firmware
cpe:2.3:o:marel:a325_firmware:-:*:*:*:*:*:*:*
Maru/A371 Firmware
cpe:2.3:o:marel:a371_firmware:-:*:*:*:*:*:*:*
Maru/A520 Master Firmware
cpe:2.3:o:marel:a520_master_firmware:-:*:*:*:*:*:*:*
Maru/A520 Slave Firmware
cpe:2.3:o:marel:a520_slave_firmware:-:*:*:*:*:*:*:*
Maru/A530 Firmware
cpe:2.3:o:marel:a530_firmware:-:*:*:*:*:*:*:*
Maru/A542 Firmware
cpe:2.3:o:marel:a542_firmware:-:*:*:*:*:*:*:*
Maru/A571 Firmware
cpe:2.3:o:marel:a571_firmware:-:*:*:*:*:*:*:*
Maru/Check Bin Grader Firmware
cpe:2.3:o:marel:check_bin_grader_firmware:-:*:*:*:*:*:*:*
Maru/Flowlineqc T376 Firmware
cpe:2.3:o:marel:flowlineqc_t376_firmware:-:*:*:*:*:*:*:*
Maru/Ipm3 Dual Cam Firmware2 versions
cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:marel:ipm3_dual_cam_firmware:132:*:*:*:*:*:*:*
- cpe:2.3:o:marel:ipm3_dual_cam_firmware:139:*:*:*:*:*:*:*
Maru/P520 Firmware
cpe:2.3:o:marel:p520_firmware:-:*:*:*:*:*:*:*
Maru/P574 Firmware
cpe:2.3:o:marel:p574_firmware:-:*:*:*:*:*:*:*
Maru/Sensorx13 Qc Flow Line Firmware
cpe:2.3:o:marel:sensorx13_qc_flow_line_firmware:-:*:*:*:*:*:*:*
Maru/Sensorx23 Qc Master Firmware
cpe:2.3:o:marel:sensorx23_qc_master_firmware:-:*:*:*:*:*:*:*
Maru/Sensorx23 Qc Slave Firmware
cpe:2.3:o:marel:sensorx23_qc_slave_firmware:-:*:*:*:*:*:*:*
Maru/Speed Batcher Firmware
cpe:2.3:o:marel:speed_batcher_firmware:-:*:*:*:*:*:*:*
Maru/T374 Firmware
cpe:2.3:o:marel:t374_firmware:-:*:*:*:*:*:*:*
Maru/T377 Firmware
cpe:2.3:o:marel:t377_firmware:-:*:*:*:*:*:*:*
Maru/V36b Firmware
cpe:2.3:o:marel:v36b_firmware:-:*:*:*:*:*:*:*
Maru/V36c Firmware
cpe:2.3:o:marel:v36c_firmware:-:*:*:*:*:*:*:*
Maru/V36 Firmware
cpe:2.3:o:marel:v36_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/97388nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-17-094-02nvdMitigationThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000