CVE-2018-8851

CRITICAL

Echelon SmartServer <4.11.007 - Info Disclosure

Title source: llm

Description

Echelon SmartServer 1 (all versions), SmartServer 2 (all versions prior to release 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions) store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.

Scores

CVSS v3 9.8
EPSS 0.0022
EPSS Percentile 44.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-522 CWE-256
Status published

Affected Products (4)

echelon/smartserver_1_firmware
echelon/smartserver_2_firmware < 4.11.007
echelon/i.lon_100_firmware
echelon/i.lon_600_firmware

Timeline

Published Jul 24, 2018
Tracked Since Feb 18, 2026