cnvd - cnvd-2017-22832

CNVD-2017-22832

Vulnerability from cnvd - Published: 2017-08-25

Title

多款Marel未授权访问漏洞

Description

Marel是肉类加工行业中拥有先进设备、系统和服务的供应商。多款Marel未授权访问漏洞，攻击者可利用漏洞访问使用Pluto平台的系统。

Severity

高

Formal description

目前没有详细的解决方案提供： http://marel.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02A

Impacted products

Name
['Marel Graders using Pluto platform', 'Marel Portioning Machines using Pluto platform', 'Marel Flowline systems using Pluto platform', 'Marel Packing systems using Pluto platform', 'Marel SensorX machines using Pluto platform', 'Marel Target Batchers using Pluto platform', 'Marel SpeedBatchers using Pluto platform']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9626"
    }
  },
  "description": "Marel\u662f\u8089\u7c7b\u52a0\u5de5\u884c\u4e1a\u4e2d\u62e5\u6709\u5148\u8fdb\u8bbe\u5907\u3001\u7cfb\u7edf\u548c\u670d\u52a1\u7684\u4f9b\u5e94\u5546\u3002\r\n\r\n\u591a\u6b3eMarel\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bbf\u95ee\u4f7f\u7528Pluto\u5e73\u53f0\u7684\u7cfb\u7edf\u3002",
  "discovererName": "Daniel Lance",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a \r\nhttp://marel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22832",
  "openTime": "2017-08-25",
  "products": {
    "product": [
      "Marel Graders using Pluto platform",
      "Marel Portioning Machines using Pluto platform",
      "Marel Flowline systems using Pluto platform",
      "Marel Packing systems using Pluto platform",
      "Marel SensorX machines using Pluto platform",
      "Marel Target Batchers using Pluto platform",
      "Marel SpeedBatchers using Pluto platform"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02A",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-25",
  "title": "\u591a\u6b3eMarel\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2017-9626 (GCVE-0-2017-9626)

Vulnerability from cvelistv5 – Published: 2019-03-27 19:35 – Updated: 2024-08-05 17:11

Summary

Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control CWE-284

Assigner

icscert

References

URL

Tags

https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Marel	Marel Food Processing Systems Pluto platform	Affected: Graders using Pluto platform Affected: Portioning Machines using Pluto platform Affected: Flowline systems using Pluto platform Affected: Packing systems using Pluto platform Affected: SensorX machines using Pluto platform Affected: Target Batchers using Pluto platform Affected: and SpeedBatchers using Pluto platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:11:02.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Marel Food Processing Systems Pluto platform",
          "vendor": "Marel",
          "versions": [
            {
              "status": "affected",
              "version": "Graders using Pluto platform"
            },
            {
              "status": "affected",
              "version": "Portioning Machines using Pluto platform"
            },
            {
              "status": "affected",
              "version": "Flowline systems using Pluto platform"
            },
            {
              "status": "affected",
              "version": "Packing systems using Pluto platform"
            },
            {
              "status": "affected",
              "version": "SensorX machines using Pluto platform"
            },
            {
              "status": "affected",
              "version": "Target Batchers using Pluto platform"
            },
            {
              "status": "affected",
              "version": "and SpeedBatchers using Pluto platform"
            }
          ]
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-27T19:35:52",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-9626",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Marel Food Processing Systems Pluto platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Graders using Pluto platform"
                          },
                          {
                            "version_value": "Portioning Machines using Pluto platform"
                          },
                          {
                            "version_value": "Flowline systems using Pluto platform"
                          },
                          {
                            "version_value": "Packing systems using Pluto platform"
                          },
                          {
                            "version_value": "SensorX machines using Pluto platform"
                          },
                          {
                            "version_value": "Target Batchers using Pluto platform"
                          },
                          {
                            "version_value": "and SpeedBatchers using Pluto platform"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Marel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02B"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-9626",
    "datePublished": "2019-03-27T19:35:52",
    "dateReserved": "2017-06-14T00:00:00",
    "dateUpdated": "2024-08-05T17:11:02.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-22832

CVE-2017-9626 (GCVE-0-2017-9626)

Tags

Sightings

Nomenclature