← Back

CVE-2018-5401

nvd nist
Published: Oct 8, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Affected (3)

Auto Maskin
3 products
Rp 210e Firmware
Dcu 210e Firmware
Marine Pro Observer
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rp 210e Firmware
All versions
Running on/withPlatform Versions
Auto Maskin
Rp 210e
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Dcu 210e Firmware
All versions
Running on/withPlatform Versions
Arm
Arm7
Before 3.7
Auto Maskin
Dcu 210e
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Marine Pro Observer
All versions

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

Source: cret@cert.org
Third Party AdvisoryUS Government Resource
Source: cret@cert.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.