Contact Contact Us

Researchers Find Firmware Vulnerabilities In Marine Diesel Engine Controllers

Researchers found four several authentication and encryption firmware vulnerabilities in marine diesel engine controllers and their Android applications by Norwegian marine supplier Auto-Maskin. These vulnerabilities could be abused by attackers to modify firmware and configuration files, install malware, and take control of a vessel’s engines. For instance, two vulnerabilities (CVE-2018-5401 and CVE-2018-5400) affect Auto-Maskin Marine Pro field devices and Marine Pro Observer Android application. They could also be exploited to send spoofed Modbus TCP packets to any Marine Pro field device to modify supported settings, including turning off a vessel’s engines.

[1] Aircraft Analysis Tool Facing the Internet Exposes Airlines to Risks

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883