#VU15431 Cleartext transmission of sensitive information in Auto-Maskin - CVE–2018-5402

Cybersecurity Help s.r.o.

Published: 2018-10-19

Vulnerability identifier: #VU15431

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE–2018-5402

CWE-ID: CWE-319

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Auto-Maskin
Hardware solutions / Firmware

Vendor: Auto-Maskin

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the embedded webserver uses unencrypted plaintext for the transmission of the administrator PIN. A remote attacker can gain access to arbitrary data.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Auto-Maskin: All versions

External links
https://www.kb.cert.org/vuls/id/176301

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App