Vulnerability Details : CVE-2018-5401
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
Exploit prediction scoring system (EPSS) score for CVE-2018-5401
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-5401
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
9.1
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.9
|
5.2
|
CERT/CC |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2018-5401
-
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Assigned by:
- cret@cert.org (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-5401
-
https://www.us-cert.gov/ics/advisories/icsa-20-051-04
Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) | CISA
-
https://www.kb.cert.org/vuls/id/176301
VU#176301 - Auto-Maskin DCU 210E RP 210E and Marine Pro Observer AppThird Party Advisory;US Government Resource
Products affected by CVE-2018-5401
- cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*