VYPR

Marine Pro Observer Android App

by Auto-Maskin

CVEs (3)

  • CVE-2018-5402CriOct 8, 2018
    risk 0.59cvss 9.1epss 0.01

    The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and…

  • CVE-2018-5401CriOct 8, 2018
    risk 0.59cvss 9.1epss 0.01

    The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus…

  • CVE-2018-5400CriOct 8, 2018
    risk 0.59cvss 9.1epss 0.01

    The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446…