CVE-2018-5400

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...

Code injection

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...

Buffer overflow

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: A...

CVE-2018-5402 The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable co...

CVE-2018-5402

CVE-2018-5402 concerns the Auto‑Maskin DCU 210E, RP‑210E, and Marine Pro Observer Android App where the embedded web server transmits the administrator PIN in cleartext. The vulnerability allows an authenticated attacker to change configurations, upload new configuration files, and upload executa...

CVE-2018-5401 The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: A...

CVE-2018-5401

CVE-2018-5401 affects Auto-Maskin DCU 210E, RP-210E and Marine Pro Observer Android App. The embedded systems transmit process control data in cleartext via unencrypted Modbus, allowing network-based observers to infer configurations, sensors in use, and related details. Affected: ARMv7 devices p...

Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

Overview Auto-Maskin RP remote panels and DCU controls units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines. Description CWE 798: ​Use of Hard-Coded...