CVE-2018-5401

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors

  • Severity Score (CVSS v3): 5.9
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.


*Credits: Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision:-
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-01-12 CVE Reserved
  • 2018-10-08 CVE Published
  • 2024-07-16 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-319: Cleartext Transmission of Sensitive Information
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | In: Vendor | Product | Version | Other | Status |
|---|---|---|---|---|---|---|---|---|---|
| Auto-maskin | Rp 210e Firmware | - | - | Affected | Arm | Arm7 | < 3.7 | - | Safe |
| Auto-maskin | Rp 210e Firmware | - | - | Affected | Auto-maskin | Rp 210e | - | - | Safe |
| Auto-maskin | Dcu 210e Firmware | - | - | Affected | Arm | Arm7 | < 3.7 | - | Safe |
| Auto-maskin | Dcu 210e Firmware | - | - | Affected | Auto-maskin | Dcu 210e | - | - | Safe |
| Auto-maskin | Marine Pro Observer | - | android | Affected | | | | | |