Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03
Scores
CVSS v3
9.8
EPSS
0.0083
EPSS Percentile
52.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-319
Status
published
Products (8)
Echelon/i.LON 100
all versions
Echelon/i.LON 600
all versions
echelon/i.lon_100_firmware
echelon/i.lon_600_firmware
Echelon/SmartServer 1
all versions
Echelon/SmartServer 2
all versions prior to release 4.11.007
echelon/smartserver_1_firmware
echelon/smartserver_2_firmware
< 4.11.007
Published
Jul 24, 2018
Tracked Since
Feb 18, 2026