CVE-2018-5401
Reported by certcc · Published October 8, 2018
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Auto-Maskin | DCU-210E | 3.7 |
| Auto-Maskin | RP-210E | 3.7 |
| Auto-Maskin | Marine Pro Observer Android App | 0.1 |
| Auto-Maskin | RP-210E | 3.7 |
| Auto-Maskin | Marine Pro Observer Android App | 0.1 |
| Auto-Maskin | DCU-210E | 3.7 |
Timeline
- Oct 6, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- VU#176301 third-party-advisoryx_refsource_CERT-VN
- x_refsource_MISC