CVE-2018-5401

Summary

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Affected Software

VendorProductVersion RangeStatus
Auto-MaskinDCU-210E3.7 < 3.7affected
Auto-MaskinRP-210E3.7 < 3.7affected
Auto-MaskinMarine Pro Observer Android App0.1unknown

Weaknesses

  • CWE-319: CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References