← Back

CVE-2018-8851

nvd nist
Published: Jul 24, 2018Modified: Jun 2, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.

Affected (4)

Echelon
4 products
Smartserver 1 Firmware
Smartserver 2 Firmware
I.lon 100 Firmware
I.lon 600 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Smartserver 1 Firmware
All versions
Running on/withPlatform Versions
Echelon
Smartserver 1
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Smartserver 2 Firmware
Before 4.11.007
Running on/withPlatform Versions
Echelon
Smartserver 2
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
I.lon 100 Firmware
All versions
Running on/withPlatform Versions
Echelon
I.lon 100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
I.lon 600 Firmware
All versions
Running on/withPlatform Versions
Echelon
I.lon 600
All versions

Related CWEs

CWE-256
Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.