Marine diesel engines software developed by Auto Maskin has serious vulnerabilities
Network security researchers Brian Satira and Brian Olson have recently discovered four severe vulnerabilities in the firmware and Android software controller applications for Norwegian marine diesel engine company Auto Maskin. These vulnerabilities could give hackers the danger of controlling marine diesel engines. The hacker can remotely obtain the setting parameters of these marine diesel engines and the usage data of the sensors if the hacker can also get the electronic control unit authority of the turbine through the bus control port (ModBus) on the ship.
The four critical vulnerabilities are numbered CVE–2018-5399, CVE–2018-5400, CVE–2018-5401, CVE–2018-5402:
- CVE–2018-5399: The DCU 210E firmware contains an undocumented Dropbear SSH server with a hardcoded username and password, which is easy to crack.
- CVE–2018-5400: The Auto-Maskin products use an undocumented custom protocol to set up Modbus communications with other devices without validating those devices.
- CVE–2018-5401: The devices transmit process control information via unencrypted Modbus communications.
- CVE–2018-5402: The embedded web server uses unencrypted plaintext for the transmission of the administrator PIN.
The CVE-2018-5401 and CVE-2018-5400 will affect Auto-Maskin’s Marin Pro field device and related Marine Pro Observer Android software applications. Hackers can get valuable information by eavesdropping on data from the bus control port (Modbus) TCP packets. The hacker can then issue commands to the turbines in the turbine’s LAN through the port, including a man-in-the-middle attack on the ship’s turbine.
The researchers reported the high vulnerability to Auto-maskin but did not receive a response from the company within 18 months. Therefore, theses weakness was notified to the Norwegian National Internet Emergency Center (NorCERT). They responded that they were aware of the above vulnerabilities but did not comment on the handling of the weakness.
Via: helpnetsecurity
