DCU-210E
by Auto-Maskin
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5400 | 0.00 | — | 0.00 | Oct 8, 2018 | The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446… | |||
| CVE-2018-5402 | 0.00 | — | 0.00 | Oct 8, 2018 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and… | |||
| CVE-2018-5401 | 0.00 | — | 0.00 | Oct 8, 2018 | The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus… | |||
| CVE-2018-5399 | 0.00 | — | 0.00 | Oct 8, 2018 | The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured… |
- CVE-2018-5400Oct 8, 2018risk 0.00cvss —epss 0.00
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446…
- CVE-2018-5402Oct 8, 2018risk 0.00cvss —epss 0.00
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and…
- CVE-2018-5401Oct 8, 2018risk 0.00cvss —epss 0.00
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus…
- CVE-2018-5399Oct 8, 2018risk 0.00cvss —epss 0.00
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured…