PT-2018-16946 · Marine Pro+1 · Marine Pro Observer Android App+2
Brian Olson
+1
·
Published
2018-10-08
·
Updated
2019-10-09
·
CVE-2018-5402
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Auto-Maskin DCU-210E versions prior to 3.7
Auto-Maskin RP-210E versions prior to 3.7
Marine Pro Observer Android App versions prior to 3.7
Description
The issue concerns the use of an embedded webserver that transmits the administrator PIN in unencrypted plaintext. This allows an authenticated attacker to change configurations, upload new configuration files, and upload executable code via file upload for firmware updates, but it requires access to the network.
Recommendations
For Auto-Maskin DCU-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue.
For Auto-Maskin RP-210E versions prior to 3.7, update to version 3.7 or later to resolve the issue.
For Marine Pro Observer Android App versions prior to 3.7, update to version 3.7 or later to resolve the issue.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Auto-Maskin Dcu-210E
Auto-Maskin Rp210E
Marine Pro Observer Android App