CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-6558
https://notcve.org/view.php?id=CVE-2019-6558
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. En Auto-Maskin RP210E Versiones 3.7 y anteriores, DCU210E Versiones 3.7 y anteriores y Marine Observer Pro (aplicación de Android), el software contiene un mecanismo para que los usuarios recuperen o cambien sus contraseñas sin conocer la contraseña original, pero el mecanismo es débil. • https://www.us-cert.gov/ics/advisories/icsa-20-051-04 • CWE-521: Weak Password Requirements •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-6560
https://notcve.org/view.php?id=CVE-2019-6560
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. En Auto-Maskin RP210E Versiones 3.7 y anteriores, DCU210E Versiones 3.7 y anteriores y Marine Observer Pro (aplicación de Android), el software contiene un mecanismo para que los usuarios recuperen o cambien sus contraseñas sin conocer la contraseña original, pero el mecanismo es débil. • https://www.us-cert.gov/ics/advisories/icsa-20-051-04 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5402 – The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN
https://notcve.org/view.php?id=CVE-2018-5402
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7. Las aplicaciones de Android Auto-Maskin DCU 210E, RP-210E y Marine Pro Observer emplean un servidor web embebido que emplea texto plano para la transmisión del PIN del administrador. • https://www.kb.cert.org/vuls/id/176301 https://www.us-cert.gov/ics/advisories/icsa-20-051-04 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5401 – The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors
https://notcve.org/view.php?id=CVE-2018-5401
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. • https://www.kb.cert.org/vuls/id/176301 https://www.us-cert.gov/ics/advisories/icsa-20-051-04 • CWE-319: Cleartext Transmission of Sensitive Information •