Auto-Maskin Dcu-210E vulnerabilities
4 known vulnerabilities affecting auto-maskin/dcu-210e.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2018-5399 | P2 | CRITICAL | CVSS 9.8 | CWE-798 | ≥ 3.7, < 3.7 | 2018-10-08
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password-only authentication, not cryptographic keys, however the f
nvd
CVE-2018-5400 | P3 | CRITICAL | CVSS 9.1 | CWE-346 | ≥ 3.7, < 3.7 | 2018-10-08
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respon
nvd
CVE-2018-5402 | P3 | HIGH | CVSS 8.8 | CWE-319 | ≥ 3.7, < 3.7 | 2018-10-08
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN. Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access t
nvd
CVE-2018-5401 | P4 | MEDIUM | CVSS 5.9 | CWE-319 | ≥ 3.7, < 3.7 | 2018-10-08
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe inf
nvd