cvelistv5 - cve-2018-5400

CVE-2018-5400 (GCVE-0-2018-5400)

Vulnerability from cvelistv5 – Published: 2018-10-08 15:00 – Updated: 2024-09-16 18:08

Summary

Severity ?

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-346 - Origin Validation Error

Assigner

certcc

References

URL

Tags

	https://www.kb.cert.org/vuls/id/176301	third-party-advisoryx_refsource_CERT-VN
	https://www.us-cert.gov/ics/advisories/icsa-20-051-04	x_refsource_MISC

Impacted products

Vendor

Product

Version

Auto-Maskin

DCU-210E

Affected: 3.7 , < 3.7 (custom)

	Auto-Maskin	RP-210E	Affected: 3.7 , < 3.7 (custom)
	Auto-Maskin	Marine Pro Observer Android App	Unknown: 0.1

Credits

Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#176301",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/176301"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "ARMv7"
          ],
          "product": "DCU-210E",
          "vendor": "Auto-Maskin",
          "versions": [
            {
              "lessThan": "3.7",
              "status": "affected",
              "version": "3.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARMv7"
          ],
          "product": "RP-210E",
          "vendor": "Auto-Maskin",
          "versions": [
            {
              "lessThan": "3.7",
              "status": "affected",
              "version": "3.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "android"
          ],
          "product": "Marine Pro Observer Android App",
          "vendor": "Auto-Maskin",
          "versions": [
            {
              "status": "unknown",
              "version": "0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway"
        }
      ],
      "datePublic": "2018-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346: Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-24T14:50:31",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#176301",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/176301"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2018-10-01T04:00:00.000Z",
          "ID": "CVE-2018-5400",
          "STATE": "PUBLIC",
          "TITLE": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DCU-210E",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "ARMv7",
                            "version_affected": "\u003c",
                            "version_name": "3.7",
                            "version_value": "3.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RP-210E",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "platform": "ARMv7",
                            "version_affected": "\u003c",
                            "version_name": "3.7",
                            "version_value": "3.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Marine Pro Observer Android App",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "platform": "android",
                            "version_affected": "?",
                            "version_value": "0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Auto-Maskin"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-346: Origin Validation Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#176301",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/176301"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5400",
    "datePublished": "2018-10-08T15:00:00Z",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-09-16T18:08:45.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6276379-86DE-440E-88B1-E2B4AC1A1DD6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.7\", \"matchCriteriaId\": \"D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B7F66D3-0436-4BF6-A177-C04C59BFAEE5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4121F18D-C67D-402B-85EB-7768BED46A82\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.7\", \"matchCriteriaId\": \"D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"378677CF-D35D-4122-B481-3B7FCF6F4D27\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \\\"Hello World\\\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.\"}, {\"lang\": \"es\", \"value\": \"Los productos Auto-Maskin emplean un protocolo personalizado sin documentar para establecer comunicaciones Modbus con otros dispositivos sin validarlos. El dispositivo de origen env\\u00eda un mensaje en texto plano, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \\\"Hello World\\\" mediante los puertos UDP 44444-44446 a la direcci\\u00f3n de retransmisi\\u00f3n para el LAN. Sin verificaci\\u00f3n, los dispositivos responden a cualquiera de estos mensajes de transmisi\\u00f3n en la red LAN con una respuesta en texto plano mediante UDP conteniendo el modelo del dispositivo y la versi\\u00f3n de firmware. Siguiendo este intercambio, los dispositivos permiten las transmisiones Modbus entre los dos dispositivos en el puerto Modbus est\\u00e1ndar TCP 502. Impacto: un atacante puede explotar esta vulnerabilidad para enviar mensajes arbitrarios a cualquier dispositivo DCU o RP mediante ataques de suplantaci\\u00f3n o reproducci\\u00f3n durante el tiempo en el que tengan acceso a la red. Las versiones afectadas son Auto-Maskin DCU-210E RP-210E: versiones anteriores a la 3.7 en ARMv7.\"}]",
      "id": "CVE-2018-5400",
      "lastModified": "2024-11-21T04:08:44.580",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-08T15:29:02.727",
      "references": "[{\"url\": \"https://www.kb.cert.org/vuls/id/176301\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-051-04\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/176301\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-051-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-346\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-346\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5400\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-10-08T15:29:02.727\",\"lastModified\":\"2024-11-21T04:08:44.580\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \\\"Hello World\\\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.\"},{\"lang\":\"es\",\"value\":\"Los productos Auto-Maskin emplean un protocolo personalizado sin documentar para establecer comunicaciones Modbus con otros dispositivos sin validarlos. El dispositivo de origen env\u00eda un mensaje en texto plano, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \\\"Hello World\\\" mediante los puertos UDP 44444-44446 a la direcci\u00f3n de retransmisi\u00f3n para el LAN. Sin verificaci\u00f3n, los dispositivos responden a cualquiera de estos mensajes de transmisi\u00f3n en la red LAN con una respuesta en texto plano mediante UDP conteniendo el modelo del dispositivo y la versi\u00f3n de firmware. Siguiendo este intercambio, los dispositivos permiten las transmisiones Modbus entre los dos dispositivos en el puerto Modbus est\u00e1ndar TCP 502. Impacto: un atacante puede explotar esta vulnerabilidad para enviar mensajes arbitrarios a cualquier dispositivo DCU o RP mediante ataques de suplantaci\u00f3n o reproducci\u00f3n durante el tiempo en el que tengan acceso a la red. Las versiones afectadas son Auto-Maskin DCU-210E RP-210E: versiones anteriores a la 3.7 en ARMv7.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6276379-86DE-440E-88B1-E2B4AC1A1DD6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.7\",\"matchCriteriaId\":\"D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B7F66D3-0436-4BF6-A177-C04C59BFAEE5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4121F18D-C67D-402B-85EB-7768BED46A82\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.7\",\"matchCriteriaId\":\"D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"378677CF-D35D-4122-B481-3B7FCF6F4D27\"}]}]}],\"references\":[{\"url\":\"https://www.kb.cert.org/vuls/id/176301\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-051-04\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/176301\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-051-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ICSA-20-051-04

Vulnerability from csaf_cisa - Published: 2020-02-20 00:00 - Updated: 2020-02-20 00:00

Summary

Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow a remote attacker to gain root access to the underlying operating system of the device and may allow read/write access.

Critical infrastructure sectors

Transportation Systems

Countries/areas deployed

Worldwide

Company headquarters location

Norway

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow a remote attacker to gain root access to the underlying operating system of the device and may allow read/write access.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Norway",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-051-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-051-04.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-051-04 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-051-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)",
    "tracking": {
      "current_release_date": "2020-02-20T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-051-04",
      "initial_release_date": "2020-02-20T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-02-20T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-051-04 Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App)"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.7",
                "product": {
                  "name": "RP210E: Versions 3.7 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "RP210E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.7",
                "product": {
                  "name": "DCU210E: Versions 3.7 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "DCU210E"
          }
        ],
        "category": "vendor",
        "name": "Auto-Maskin"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-5402",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The embedded web server software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.CVE-2018-5402 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5402"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Auto-Maskin reports new firmware is available to download from its website that mitigates the reported vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.auto-maskin.com/support/#tab-de65b02c5fd73132c98"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-5401",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.CVE-2018-5401 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5401"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Auto-Maskin reports new firmware is available to download from its website that mitigates the reported vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.auto-maskin.com/support/#tab-de65b02c5fd73132c98"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-5400",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The software does not properly verify that the source of data or communication is valid.CVE-2018-5400 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5400"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Auto-Maskin reports new firmware is available to download from its website that mitigates the reported vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.auto-maskin.com/support/#tab-de65b02c5fd73132c98"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-5399",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.CVE-2018-5399 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5399"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Auto-Maskin reports new firmware is available to download from its website that mitigates the reported vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.auto-maskin.com/support/#tab-de65b02c5fd73132c98"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-6560",
      "cwe": {
        "id": "CWE-640",
        "name": "Weak Password Recovery Mechanism for Forgotten Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.CVE-2019-6560 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6560"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Auto-Maskin reports new firmware is available to download from its website that mitigates the reported vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.auto-maskin.com/support/#tab-de65b02c5fd73132c98"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-6558",
      "cwe": {
        "id": "CWE-521",
        "name": "Weak Password Requirements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The product contains multiple weak password requirements, which makes it easier for attackers to compromise user accounts.CVE-2019-6558 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6568"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Auto-Maskin reports new firmware is available to download from its website that mitigates the reported vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.auto-maskin.com/support/#tab-de65b02c5fd73132c98"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

VAR-201810-1414

Vulnerability from variot - Updated: 2023-12-18 12:28

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. Auto-Maskin RP With remote panel DCU The control unit is a product that monitors and controls the ship's engine. These products have multiple vulnerabilities related to authentication and encryption that can be accessed by an attacker and take over the engine operation of the ship. Problems with hard-coded credentials (CWE-798) - CVE-2018-5399 DCU 210E No firmware Dropbear SSH server Is included, but this is not documented. Also, SSH The username and password for the connection are hard-coded and the password is easily guessable. Insufficient validation of connection source (CWE-346) - CVE-2018-5400 The product uses a proprietary protocol that is not documented to communicate with other equipment. Modbus We are communicating, but we have not verified the validity of the connection between devices. Sensitive information is sent in clear text (CWE-319) - CVE-2018-5401 The product is not encrypted Modbus Sending control information using communication. Sensitive information is sent in clear text (CWE-319) - CVE-2018-5402 The web server included in the product is an administrator using plain text that is not encrypted. PIN Sending code. These vulnerabilities Brian Satira Mr and Brian Olson Reported by him.An attacker could use this vulnerability to obtain information such as device configuration, configuration information, and sensor operating status. Also any Modbus ( control ) Information may also be sent. Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App are prone to the following security vulnerabilities: 1. An hard-coded credentials security bypass Vulnerability. 2. A security-bypass vulnerability. 3. Multiple information disclosure vulnerabilities. Attackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and obtain sensitive information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-1414",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dcu 210e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "auto maskin",
        "version": null
      },
      {
        "model": "rp 210e",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "auto maskin",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "auto maskin as",
        "version": null
      },
      {
        "model": "dcu 210e",
        "scope": null,
        "trust": 0.8,
        "vendor": "auto maskin",
        "version": null
      },
      {
        "model": "marine pro observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "auto maskin",
        "version": null
      },
      {
        "model": "rp 210e",
        "scope": null,
        "trust": 0.8,
        "vendor": "auto maskin",
        "version": null
      },
      {
        "model": "as marine pro observer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "auto maskin",
        "version": "0"
      },
      {
        "model": "as dcu 210e rp 210e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "auto maskin",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176301"
      },
      {
        "db": "BID",
        "id": "105714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008149"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.7",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.7",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brian Satira and Brian Olson",
    "sources": [
      {
        "db": "BID",
        "id": "105714"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-5400",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-135431",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-5400",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "cret@cert.org",
            "id": "CVE-2018-5400",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-260",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-135431",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135431"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. Auto-Maskin RP With remote panel DCU The control unit is a product that monitors and controls the ship\u0027s engine. These products have multiple vulnerabilities related to authentication and encryption that can be accessed by an attacker and take over the engine operation of the ship. Problems with hard-coded credentials (CWE-798) - CVE-2018-5399 DCU 210E No firmware Dropbear SSH server Is included, but this is not documented. Also, SSH The username and password for the connection are hard-coded and the password is easily guessable. Insufficient validation of connection source (CWE-346) - CVE-2018-5400 The product uses a proprietary protocol that is not documented to communicate with other equipment. Modbus We are communicating, but we have not verified the validity of the connection between devices. Sensitive information is sent in clear text (CWE-319) - CVE-2018-5401 The product is not encrypted Modbus Sending control information using communication. Sensitive information is sent in clear text (CWE-319) - CVE-2018-5402 The web server included in the product is an administrator using plain text that is not encrypted. PIN Sending code. These vulnerabilities Brian Satira Mr and Brian Olson Reported by him.An attacker could use this vulnerability to obtain information such as device configuration, configuration information, and sensor operating status. Also any Modbus ( control ) Information may also be sent. Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App are prone to the following security vulnerabilities:\n1. An hard-coded credentials security bypass Vulnerability. \n2. A security-bypass vulnerability. \n3. Multiple information disclosure vulnerabilities. \nAttackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and obtain sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176301"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008149"
      },
      {
        "db": "BID",
        "id": "105714"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135431"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#176301",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400",
        "trust": 2.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-051-04",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU99039923",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008149",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-260",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0648",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "105714",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-135431",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176301"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135431"
      },
      {
        "db": "BID",
        "id": "105714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008149"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ]
  },
  "id": "VAR-201810-1414",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135431"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:28:38.271000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-346",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-135431"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.kb.cert.org/vuls/id/176301"
      },
      {
        "trust": 1.7,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5401"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5402"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5399"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5400"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99039923/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5399"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5400"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5401"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5402"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0648/"
      },
      {
        "trust": 0.3,
        "url": "https://www.auto-maskin.com/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176301"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135431"
      },
      {
        "db": "BID",
        "id": "105714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008149"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#176301"
      },
      {
        "db": "VULHUB",
        "id": "VHN-135431"
      },
      {
        "db": "BID",
        "id": "105714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008149"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176301"
      },
      {
        "date": "2018-10-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135431"
      },
      {
        "date": "2018-10-06T00:00:00",
        "db": "BID",
        "id": "105714"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008149"
      },
      {
        "date": "2018-10-08T15:29:02.727000",
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176301"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-135431"
      },
      {
        "date": "2018-10-06T00:00:00",
        "db": "BID",
        "id": "105714"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008149"
      },
      {
        "date": "2019-10-09T23:41:17.797000",
        "db": "NVD",
        "id": "CVE-2018-5400"
      },
      {
        "date": "2020-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176301"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-260"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-5400

Vulnerability from fkie_nvd - Published: 2018-10-08 15:29 - Updated: 2024-11-21 04:08

Severity ?

9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
cret@cert.org	https://www.kb.cert.org/vuls/id/176301	Third Party Advisory, US Government Resource
cret@cert.org	https://www.us-cert.gov/ics/advisories/icsa-20-051-04
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/176301	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-20-051-04

Impacted products

Vendor	Product	Version
auto-maskin	rp_210e_firmware	-
arm	arm7	*
auto-maskin	rp_210e	-
auto-maskin	dcu_210e_firmware	-
arm	arm7	*
auto-maskin	dcu_210e	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6276379-86DE-440E-88B1-E2B4AC1A1DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4",
              "versionEndExcluding": "3.7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B7F66D3-0436-4BF6-A177-C04C59BFAEE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4121F18D-C67D-402B-85EB-7768BED46A82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D64AEAAE-5F7C-43B9-AACA-39C927BDB5B4",
              "versionEndExcluding": "3.7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "378677CF-D35D-4122-B481-3B7FCF6F4D27",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."
    },
    {
      "lang": "es",
      "value": "Los productos Auto-Maskin emplean un protocolo personalizado sin documentar para establecer comunicaciones Modbus con otros dispositivos sin validarlos. El dispositivo de origen env\u00eda un mensaje en texto plano, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" mediante los puertos UDP 44444-44446 a la direcci\u00f3n de retransmisi\u00f3n para el LAN. Sin verificaci\u00f3n, los dispositivos responden a cualquiera de estos mensajes de transmisi\u00f3n en la red LAN con una respuesta en texto plano mediante UDP conteniendo el modelo del dispositivo y la versi\u00f3n de firmware. Siguiendo este intercambio, los dispositivos permiten las transmisiones Modbus entre los dos dispositivos en el puerto Modbus est\u00e1ndar TCP 502. Impacto: un atacante puede explotar esta vulnerabilidad para enviar mensajes arbitrarios a cualquier dispositivo DCU o RP mediante ataques de suplantaci\u00f3n o reproducci\u00f3n durante el tiempo en el que tengan acceso a la red. Las versiones afectadas son Auto-Maskin DCU-210E RP-210E: versiones anteriores a la 3.7 en ARMv7."
    }
  ],
  "id": "CVE-2018-5400",
  "lastModified": "2024-11-21T04:08:44.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-08T15:29:02.727",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/176301"
    },
    {
      "source": "cret@cert.org",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/176301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HMX9-H7XX-529H

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-5400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-08T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.",
  "id": "GHSA-hmx9-h7xx-529h",
  "modified": "2022-05-13T01:32:12Z",
  "published": "2022-05-13T01:32:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5400"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/176301"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-5400

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-5400

Aliases

CVE-2018-5400

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-5400",
    "description": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.",
    "id": "GSD-2018-5400"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-5400"
      ],
      "details": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.",
      "id": "GSD-2018-5400",
      "modified": "2023-12-13T01:22:39.730631Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "DATE_PUBLIC": "2018-10-01T04:00:00.000Z",
        "ID": "CVE-2018-5400",
        "STATE": "PUBLIC",
        "TITLE": "The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DCU-210E ",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "platform": "ARMv7",
                          "version_name": "3.7",
                          "version_value": "3.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "RP-210E",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "platform": "ARMv7",
                          "version_name": "3.7",
                          "version_value": "3.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Marine Pro Observer Android App",
                    "version": {
                      "version_data": [
                        {
                          "affected": "?",
                          "platform": "android",
                          "version_value": "0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Auto-Maskin"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Reporters: Brian Satira, Brian Olson, Organization: Project Gunsway"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-346: Origin Validation Error"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#176301",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/176301"
          },
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "The devices should implement Modbus TCP Security Protocol (v21, 2018) per Modbus specifications over port 802 TCP, for Modbus TCP with encryption and authentication. \n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:auto-maskin:rp_210e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:auto-maskin:rp_210e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.7",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:auto-maskin:dcu_210e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:arm:arm7:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.7",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:auto-maskin:dcu_210e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5400"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, \"Hello World\" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-346"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#176301",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/176301"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2019-10-09T23:41Z",
      "publishedDate": "2018-10-08T15:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-5400 (GCVE-0-2018-5400)

ICSA-20-051-04

VAR-201810-1414

FKIE_CVE-2018-5400

GHSA-HMX9-H7XX-529H

GSD-2018-5400

Tags

Sightings

Nomenclature