CVE-2018-8851

Summary

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.

Affected Software

VendorProductVersion RangeStatus
EchelonSmartServer 1all versionsaffected
EchelonSmartServer 2all versions prior to release 4.11.007affected
Echeloni.LON 100all versionsaffected
Echeloni.LON 600all versionsaffected

Weaknesses

  • CWE-256: UNPROTECTED STORAGE OF CREDENTIALS CWE-256

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References