PT-2018-16945 · Marine Pro+1 · Marine Pro Observer Android App+2
Brian Olson
+1
·
Published
2018-10-08
·
Updated
2019-10-09
·
CVE-2018-5401
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Auto-Maskin DCU-210E versions prior to 3.7
Auto-Maskin RP-210E versions prior to 3.7
Marine Pro Observer Android App versions prior to 3.7
Description
The affected devices transmit sensitive data in cleartext via unencrypted Modbus communications, allowing unauthorized actors to intercept this information. An attacker with access to the network can exploit this issue to observe configurations, settings, and sensor information, which could aid in crafting spoofed messages.
Recommendations
For Auto-Maskin DCU-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue.
For Auto-Maskin RP-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue.
For Marine Pro Observer Android App versions prior to 3.7, update to version 3.7 or later to resolve the issue.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Auto-Maskin Dcu-210E
Auto-Maskin Rp210E
Marine Pro Observer Android App