CVE-2018-5400

🗓️ 08 Oct 2018 15:00:00Reported by certccType

Auto-Maskin products vulnerable to unauthorized Modbus communications. Spoofing or replay attacks possible. Affected Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2018-5400 The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error	8 Oct 201815:00	–	cvelist
EUVD	EUVD-2018-17170	7 Oct 202500:30	–	euvd
ICS	Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)	20 Feb 202000:00	–	ics
NVD	CVE-2018-5400	8 Oct 201815:29	–	nvd
Prion	Code injection	8 Oct 201815:29	–	prion
CERT	Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App	6 Oct 201800:00	–	cert

NVD

Node

auto-maskin rp_210e_firmwareMatch-

AND

arm arm7Range<3.7

auto-maskin rp_210eMatch-

Node

auto-maskin dcu_210e_firmwareMatch-

AND

arm arm7Range<3.7

auto-maskin dcu_210eMatch-

[
  {
    "platforms": [
      "ARMv7"
    ],
    "product": "DCU-210E",
    "vendor": "Auto-Maskin",
    "versions": [
      {
        "lessThan": "3.7",
        "status": "affected",
        "version": "3.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "ARMv7"
    ],
    "product": "RP-210E",
    "vendor": "Auto-Maskin",
    "versions": [
      {
        "lessThan": "3.7",
        "status": "affected",
        "version": "3.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "android"
    ],
    "product": "Marine Pro Observer Android App",
    "vendor": "Auto-Maskin",
    "versions": [
      {
        "status": "unknown",
        "version": "0.1"
      }
    ]
  }
]

Source	Link
us-cert	www.us-cert.gov/ics/advisories/icsa-20-051-04
kb	www.kb.cert.org/vuls/id/176301

21 Nov 2024 04:08Current

9.2High risk

Vulners AI Score9.2

CVSS 26.4

CVSS 39.1

EPSS0.00106

CWE-346