VDB

CVE-2018-5401

CVE-2018-5401 PUBLISHED CVSS 9.1 CRITICAL

Reported by certcc · Published October 8, 2018

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Risk Scores

CVSS 3.0
9.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Auto-MaskinDCU-210E3.7
Auto-MaskinRP-210E3.7
Auto-MaskinMarine Pro Observer Android App0.1
Auto-MaskinRP-210E3.7
Auto-MaskinMarine Pro Observer Android App0.1
Auto-MaskinDCU-210E3.7

Timeline

  • Oct 6, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score

References

  • VU#176301 third-party-advisoryx_refsource_CERT-VN
  • x_refsource_MISC
Open in Interactive Console →
$ Console Community · 100/wk Open console ›