Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03
Scores
CVSS v3
9.8
EPSS
0.0130
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-256
CWE-522
Status
published
Products (8)
Echelon/i.LON 100
all versions
Echelon/i.LON 600
all versions
echelon/i.lon_100_firmware
echelon/i.lon_600_firmware
Echelon/SmartServer 1
all versions
Echelon/SmartServer 2
all versions prior to release 4.11.007
echelon/smartserver_1_firmware
echelon/smartserver_2_firmware
< 4.11.007
Published
Jul 24, 2018
Tracked Since
Feb 18, 2026