CWE 798:୕se of Hard-Coded Credentials – CVE–2018-5399 The DCU 210E firmware contains an undocumented Dropbear SSH server with a hardcoded username and password. The password is easily susceptible to cracking. CWE-346:rigin Validation Error – CVE–2018-5400 The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. CWE-319:ୃleartext Transmission of Sensitive Information – CVE–2018-5401 The devices transmit process control information via unencrypted Modbus communications. CWE-319:ୃleartext Transmission of Sensitive Information – CVE–2018-5402 The embedded webserver uses unencrypted plaintext for the transmission of the administrator PIN.