Lucene search

CertccCVE-2018-5402

HistoryOct 08, 2018 - 3:29 p.m.

CVE-2018-5402

2018-10-0815:29:02

CWE-319

CWE-310

certcc

web.nvd.nist.gov

cve-2018-5402

auto-maskin dcu

rp-210e

marine pro observer

android app

unencrypted plaintext

administrator pin

configuration change

firmware update

network access

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

28.2%

JSON

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

Affected configurations

Nvd

Node

auto-maskinrp_210e_firmwareMatch-

AND

armarm7Range<3.7

auto-maskinrp_210eMatch-

Node

auto-maskindcu_210e_firmwareMatch-

AND

armarm7Range<3.7

auto-maskindcu_210eMatch-

Node

auto-maskinmarine_pro_observerMatch-android

VendorProductVersionCPE
auto-maskinrp_210e_firmware-cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*
armarm7*cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*
auto-maskinrp_210e-cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*
auto-maskindcu_210e_firmware-cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*
auto-maskindcu_210e-cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*
auto-maskinmarine_pro_observer-cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
auto-maskin	rp_210e_firmware	-	cpe:2.3:o:auto-maskin:rp_210e_firmware:-:::::::*
arm	arm7	*	cpe:2.3:h:arm:arm7::::::::
auto-maskin	rp_210e	-	cpe:2.3:h:auto-maskin:rp_210e:-:::::::*
auto-maskin	dcu_210e_firmware	-	cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:::::::*
auto-maskin	dcu_210e	-	cpe:2.3:h:auto-maskin:dcu_210e:-:::::::*
auto-maskin	marine_pro_observer	-	cpe:2.3:a:auto-maskin:marine_pro_observer:-:::::android::

CNA Affected

[
  {
    "platforms": [
      "ARMv7"
    ],
    "product": "DCU-210E",
    "vendor": "Auto-Maskin",
    "versions": [
      {
        "lessThan": "3.7",
        "status": "affected",
        "version": "3.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "ARMv7"
    ],
    "product": "RP-210E",
    "vendor": "Auto-Maskin",
    "versions": [
      {
        "lessThan": "3.7",
        "status": "affected",
        "version": "3.7",
        "versionType": "custom"
      }
    ]
  }
]

References

www.kb.cert.org/vuls/id/176301

www.us-cert.gov/ics/advisories/icsa-20-051-04

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

28.2%

JSON

Related for CVE-2018-5402