← Back

CVE-2016-9358

nvd nist
Published: Jun 30, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.

Affected (23)

Marel
22 products
A320 Firmware
A325 Firmware
A371 Firmware
A520 Master Firmware
A520 Slave Firmware
A530 Firmware
A542 Firmware
A571 Firmware
Check Bin Grader Firmware
Flowlineqc T376 Firmware
Ipm3 Dual Cam Firmware
P520 Firmware
P574 Firmware
Sensorx13 Qc Flow Line Firmware
Sensorx23 Qc Master Firmware
Sensorx23 Qc Slave Firmware
Speed Batcher Firmware
T374 Firmware
T377 Firmware
V36 Firmware
V36b Firmware
V36c Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A320 Firmware
All versions
Running on/withPlatform Versions
Marel
A320
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A325 Firmware
All versions
Running on/withPlatform Versions
Marel
A325
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A371 Firmware
All versions
Running on/withPlatform Versions
Marel
A371
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A520 Master Firmware
All versions
Running on/withPlatform Versions
Marel
A520 Master
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A520 Slave Firmware
All versions
Running on/withPlatform Versions
Marel
A520 Slave
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A530 Firmware
All versions
Running on/withPlatform Versions
Marel
A530
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A542 Firmware
All versions
Running on/withPlatform Versions
Marel
A542
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
A571 Firmware
All versions
Running on/withPlatform Versions
Marel
A571
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Check Bin Grader Firmware
All versions
Running on/withPlatform Versions
Marel
Check Bin Grader
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flowlineqc T376 Firmware
All versions
Running on/withPlatform Versions
Marel
Flowlineqc T376
All versions
Configuration L
1 vulnerable
Vulnerable SoftwareAffected Versions
Ipm3 Dual Cam Firmware
Version 139
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ipm3 Dual Cam Firmware
Version 132
Running on/withPlatform Versions
Marel
Ipm3 Dual Cam
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
P520 Firmware
All versions
Running on/withPlatform Versions
Marel
P520
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
P574 Firmware
All versions
Running on/withPlatform Versions
Marel
P574
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sensorx13 Qc Flow Line Firmware
All versions
Running on/withPlatform Versions
Marel
Sensorx13 Qc Flow Line
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sensorx23 Qc Master Firmware
All versions
Running on/withPlatform Versions
Marel
Sensorx23 Qc Master
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sensorx23 Qc Slave Firmware
All versions
Running on/withPlatform Versions
Marel
Sensorx23 Qc Slave
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Speed Batcher Firmware
All versions
Running on/withPlatform Versions
Marel
Speed Batcher
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
T374 Firmware
All versions
Running on/withPlatform Versions
Marel
T374
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
T377 Firmware
All versions
Running on/withPlatform Versions
Marel
T377
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
V36 Firmware
All versions
Running on/withPlatform Versions
Marel
V36
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
V36b Firmware
All versions
Running on/withPlatform Versions
Marel
V36b
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
V36c Firmware
All versions
Running on/withPlatform Versions
Marel
V36c
All versions

Related CWEs

CWE-259
Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.