CVE-2018-5401
Last modified
CVE-2018-5401 is a vulnerability of currently unknown severity. The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. EPSS estimates a 0.87% chance of exploitation in the next 30 days.
Description
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Auto-Maskin | Rp 210e Firmware | All versions |
| Auto-Maskin | Dcu 210e Firmware | All versions |
| Auto-Maskin | Marine Pro Observer | All versions |
References
- https://www.kb.cert.org/vuls/id/176301Third Party Advisory, US Government Resource
- https://www.kb.cert.org/vuls/id/176301Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5401?
How severe is CVE-2018-5401?
How do I fix CVE-2018-5401?
Are you affected by CVE-2018-5401?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST