CVE-2017-6041

Q: What is the severity of CVE-2017-6041?

CVE-2017-6041 has a CVSS score of 9.8 (CRITICAL). This CVE describes an unrestricted file upload vulnerability in Marel Food Processing Systems equipment that allows attackers to upload arbitrary firmware changes without authentication. Affected systems include M3000/M3210 terminals, desktop software, MAC4 controllers, SensorX X-ray machines, and MWS2 weighing systems across multiple food processing platforms.

9.8 CRITICAL

📋 TL;DR

This CVE describes an unrestricted file upload vulnerability in Marel Food Processing Systems equipment that allows attackers to upload arbitrary firmware changes without authentication. Affected systems include M3000/M3210 terminals, desktop software, MAC4 controllers, SensorX X-ray machines, and MWS2 weighing systems across multiple food processing platforms.

💻 Affected Systems

Products:

M3000 terminal
M3210 terminal
M3000 desktop software
MAC4 controller
SensorX23 X-ray machine
SensorX25 X-ray machine
MWS2 weighing system

Versions: All versions prior to patching

Operating Systems: Embedded/Proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects multiple food processing systems including A320, A325, A371, A520, A530, A542, A571, Check Bin Grader, FlowlineQC, IPM3, P520, P574, Speed Batcher, T374, T377, V36 series.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of food processing systems allowing firmware manipulation, operational disruption, potential safety hazards, and data integrity issues in industrial control environments.

🟠

Likely Case

Unauthorized firmware modifications leading to operational disruption, data manipulation, or system malfunction in food processing facilities.

🟢

If Mitigated

Limited impact with proper network segmentation, access controls, and monitoring in place to detect unauthorized upload attempts.

🌐 Internet-Facing: HIGH - If systems are exposed to internet, attackers can directly exploit without internal access.

🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthorized firmware changes without detection.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Unrestricted upload vulnerabilities typically have low exploitation complexity, especially when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact vendor for specific patched versions

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02

Restart Required: Yes

Instructions:

1. Contact Marel Food Processing Systems for firmware updates
2. Apply firmware patches to all affected systems
3. Restart systems after patching
4. Verify patch application through vendor documentation

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected systems from untrusted networks and implement strict firewall rules

Access Control

all

Implement strict authentication and authorization controls for firmware upload functionality

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected systems from untrusted networks
Deploy intrusion detection systems to monitor for unauthorized firmware upload attempts

🔍 How to Verify

Check if Vulnerable:

Check system firmware version against vendor patched versions. Systems without authentication for firmware upload are vulnerable.

Check Version:

Consult vendor documentation for firmware version checking commands specific to each system

Verify Fix Applied:

Verify firmware version matches vendor's patched version and test that unauthorized uploads are blocked.

📡 Detection & Monitoring

Log Indicators:

Unauthorized firmware upload attempts
Unexpected firmware version changes
Authentication bypass logs

Network Indicators:

Unexpected firmware upload traffic to industrial control systems
Unauthorized connections to firmware update ports

SIEM Query:

Search for: firmware upload events from unauthorized sources OR authentication failures followed by successful uploads

📊 Metadata

CVE ID: CVE-2017-6041

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: June 30, 2017

Last Updated: April 20, 2025

🔗 References

http://www.securityfocus.com/bid/97388 Third Party Advisory,VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02 Mitigation,Third Party Advisory,US Government Resource
http://www.securityfocus.com/bid/97388 Third Party Advisory,VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02 Mitigation,Third Party Advisory,US Government Resource

📋 TL;DR

💻 Affected Systems

📦 What is this software?

A320 Firmware by Marel

A325 Firmware by Marel

A371 Firmware by Marel

A520 Master Firmware by Marel

A520 Slave Firmware by Marel

A530 Firmware by Marel

A542 Firmware by Marel

A571 Firmware by Marel

Check Bin Grader Firmware by Marel

Flowlineqc T376 Firmware by Marel

Ipm3 Dual Cam Firmware by Marel

Ipm3 Dual Cam Firmware by Marel

Ipm3 Dual Cam Firmware by Marel

P520 Firmware by Marel

P574 Firmware by Marel

Sensorx13 Qc Flow Line Firmware by Marel

Sensorx23 Qc Master Firmware by Marel

Sensorx23 Qc Slave Firmware by Marel

Speed Batcher Firmware by Marel

T374 Firmware by Marel

T377 Firmware by Marel

V36 Firmware by Marel

V36b Firmware by Marel

V36c Firmware by Marel

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Access Control

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities