8 matches found
EUVD-2018-17169
Malware in sbrugna...
CVE-2018-5402
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable co...
CVE-2018-5400
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...
Code injection
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...
Hardcoded credentials
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
CVE-2018-5401
CVE-2018-5401 affects Auto-Maskin DCU 210E, RP-210E and Marine Pro Observer Android App. The embedded systems transmit process control data in cleartext via unencrypted Modbus, allowing network-based observers to infer configurations, sensors in use, and related details. Affected: ARMv7 devices p...
CVE-2018-5399
CVE-2018-5399 affects Auto-Maskin DCU-210E RP-210E firmware (ARMv7) versions prior to 3.7. The firmware contains an undocumented Dropbear SSH server (v2015.55) listening on port 22 with hard-coded credentials (root / amroot) and password-only authentication, while an RSA host-key is present. This...
PT-2018-16943 · Auto Maskin +3 · Auto-Maskin Dcu-210E +3
Name of the Vulnerable Software and Affected Versions: Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7 Description: The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a...