How severe is CVE-2018-5400?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2018-5400?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2018-5400

CRITICAL Year: 2018

CVSS v3 Score

9.1

Critical

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-346

View all →

Vulnerability Description

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.

CVE-2017-6519

CRITICAL

CVSS:9.1(Critical)

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traf...

CWE-3462017

CVE-2019-25211

CRITICAL

CVSS:9.1(Critical)

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://...

CWE-3462019

CVE-2021-26291

CRITICAL

CVSS:9.1(Critical)

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over t...

CWE-3462021

CVE-2021-39185

CRITICAL

CVSS:9.1(Critical)

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configur...

CWE-3462021

CVE-2021-44935

CRITICAL

CVSS:9.1(Critical)

glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.

CWE-3462021

CVE-2025-25306

CRITICAL

CVSS:9.3(Critical)

Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacke...

CWE-3462025

CVE-2018-5400

Vulnerability Description

Related Vulnerabilities

CVE-2017-6519

CVE-2019-25211

CVE-2021-26291

CVE-2021-39185

CVE-2021-44935

CVE-2025-25306