Echelon

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-3089 1Echelon 1I.lon Vision Nov 21, 2024 Feb 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, t...Show more Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. Show less
CVE-2018-8859 1Echelon 4I.lon 100 Firmware I.lon 600 FirmwareSmartserver 1 Firmware+1 more Jun 2, 2026 Jul 24, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security c...Show more Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.Show less
CVE-2018-8855 1Echelon 4I.lon 100 Firmware I.lon 600 FirmwareSmartserver 1 Firmware+1 more Jun 2, 2026 Jul 24, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can rece...Show more Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.Show less
CVE-2018-8851 1Echelon 4I.lon 100 Firmware I.lon 600 FirmwareSmartserver 1 Firmware+1 more Jun 2, 2026 Jul 24, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with acc...Show more Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.Show less
CVE-2018-10627 1Echelon 3I.lon 100 Firmware Smartserver 1 FirmwareSmartserver 2 Firmware Jun 2, 2026 Jul 24, 2018 N/A· v4 9.8 CRITICAL· v3 6.4 MEDIUM· v2 Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuratio...Show more Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.Show less