Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-5401

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Published

2018-10-08T15:29:02.870

Last Modified

2024-11-21T04:08:44.713

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-319
Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	auto-maskin	rp_210e_firmware	-	Yes
Hardware	arm	arm7	< 3.7	No
Hardware	auto-maskin	rp_210e	-	No
Operating System	auto-maskin	dcu_210e_firmware	-	Yes
Hardware	arm	arm7	< 3.7	No
Hardware	auto-maskin	dcu_210e	-	No
Application	auto-maskin	marine_pro_observer	-	Yes

References

https://www.kb.cert.org/vuls/id/176301 Third Party Advisory, US Government Resource ([email protected])
https://www.us-cert.gov/ics/advisories/icsa-20-051-04 ([email protected])
https://www.kb.cert.org/vuls/id/176301 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.us-cert.gov/ics/advisories/icsa-20-051-04 (af854a3a-2127-422b-91ae-364da2661108)