CVE-2018-5401

Published Oct 8, 2018

Last updated 5 years ago

CVSS medium 5.9

Overview

Description: The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-319
cret@cert.org: CWE-319

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6276379-86DE-440E-88B1-E2B4AC1A1DD6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4",
            "versionEndExcluding": "3.7"
          },
          {
            "criteria": "cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B7F66D3-0436-4BF6-A177-C04C59BFAEE5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4121F18D-C67D-402B-85EB-7768BED46A82"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4",
            "versionEndExcluding": "3.7"
          },
          {
            "criteria": "cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "378677CF-D35D-4122-B481-3B7FCF6F4D27"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9050A5F-13F4-44EC-B1C9-8DB90508AA8D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References