CVE-2018-10627
CRITICAL
Echelon SmartServer <4.11.007, i.LON 100, i.LON - Info Disclosure
Title source: llm
Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.
References (1)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03
Scores
CVSS v3: 9.8
EPSS: 0.0123
EPSS Percentile: 65.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-200
Status: published
Products (7)
Echelon/i.LON 100: all versions
Echelon/i.LON 600: all versions
echelon/i.lon_100_firmware
Echelon/SmartServer 1: all versions
Echelon/SmartServer 2: all versions prior to release 4.11.007
echelon/smartserver_1_firmware
echelon/smartserver_2_firmware: < 4.11.007
Published: Jul 24, 2018
Tracked Since: Feb 18, 2026