CVE-2023-49900
X-Rite · MA-T6
The X-Rite MA-T6 device is vulnerable to remote code execution due to improper input sanitization in the SetParameter command.
Executive summary
An unauthenticated remote code execution vulnerability in the X-Rite MA-T6 allows attackers to gain full system control via unsanitized input.
Vulnerability
This is an OS Command Injection vulnerability (CWE-78) triggered by the SetParameter command, which fails to neutralize special elements, allowing an unauthenticated attacker to execute arbitrary commands on the underlying operating system.
Business impact
The ability for an unauthenticated attacker to execute arbitrary code on the MA-T6 device represents a critical security failure. Successful exploitation could lead to total compromise of the device, potential lateral movement into the internal network, and the permanent loss of control over the spectrophotometer unit. The CVSS score of 9.8 underscores the extreme severity and ease of exploitation for this flaw.
Remediation
Immediate Action: Update the X-Rite MA-T6 firmware to version 2.33 or later immediately.
Proactive Monitoring: Monitor network traffic for suspicious command-line patterns or unexpected outbound connections originating from the MA-T6 device.
Compensating Controls: If the device cannot be updated immediately, isolate the MA-T6 on a segmented network with strict firewall rules to prevent unauthorized access from external or untrusted sources.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
Given the critical CVSS severity and the nature of the flaw, organizations must treat this as a priority update. Immediate firmware remediation is necessary to prevent potential remote code execution. If patching is not immediately feasible, network segmentation is essential to mitigate the risk of unauthorized access.