CVE-2018-8855

Published: Jul 24, 2018Modified: Jun 2, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.

Affected (4)

Products: Echelon: Smartserver 1 Firmware, Smartserver 2 Firmware, I.lon 100 Firmware, I.lon 600 Firmware

Echelon

4 products

Smartserver 1 Firmware

Smartserver 2 Firmware

I.lon 100 Firmware

I.lon 600 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Echelon Smartserver 1 Firmware	All versions

Running on/with	Platform Versions
Echelon Smartserver 1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Echelon Smartserver 2 Firmware	Before 4.11.007

Running on/with	Platform Versions
Echelon Smartserver 2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Echelon I.lon 100 Firmware	All versions

Running on/with	Platform Versions
Echelon I.lon 100	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Echelon I.lon 600 Firmware	All versions

Running on/with	Platform Versions
Echelon I.lon 600	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.