12 vulnerabilities found for SmartServer 2 by Echelon
VAR-201807-0326
Vulnerability from variot - Updated: 2023-12-18 12:01
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product. Multiple Echelon SmartServer and i.LON products contain an information disclosure vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Although the record classifies this as information disclosure (CWE-200), the described impact includes changing configuration, and the NVD CVSS v3 vector in the record rates confidentiality, integrity and availability impact as high. Echelon SmartServer 1, SmartServer 2 and i.LON 100 are products of Echelon Corporation of the United States. Echelon SmartServer 1 and SmartServer 2 are multi-function controllers that support building automation control and enterprise energy management. i.LON 100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in Echelon SmartServer 1, SmartServer 2 versions prior to 4.11.007, and i.LON 100.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0326",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartserver 2",
"scope": "lt",
"trust": 1.8,
"vendor": "echelon",
"version": "4.11.007"
},
{
"model": "i.lon 100",
"scope": null,
"trust": 1.4,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": null,
"trust": 1.4,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": "eq",
"trust": 1.0,
"vendor": "echelon",
"version": "*"
},
{
"model": "i.lon 100",
"scope": "eq",
"trust": 1.0,
"vendor": "echelon",
"version": "*"
},
{
"model": "smartserver",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "1"
},
{
"model": "smartserver \u003crelease",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "24.11.007"
},
{
"model": "i.lon",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "100"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i lon 100",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.11.007",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:i.lon_100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:i.lon_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10627"
}
]
},
"cve": "CVE-2018-10627",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10627",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18594",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-120405",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10627",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10627",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-18594",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1797",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-120405",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "VULHUB",
"id": "VHN-120405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product. plural Echelon SmartServer and i.LON The product contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EchelonSmartServer1, SmartServer2 and i.LON100 are products of Echelon Corporation of the United States. EchelonSmartServer1 and SmartServer2 are multi-function controllers that support building automation control and enterprise energy management. i.LON100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in EchelonSmartServer1, SmartServer versions prior to 24.11.007, and i.LON100",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120405"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10627",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-200-03",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-18594",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FA0DE2-39AB-11E9-B60F-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120405",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "VULHUB",
"id": "VHN-120405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"id": "VAR-201807-0326",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "VULHUB",
"id": "VHN-120405"
}
],
"trust": 1.73333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18594"
}
]
},
"last_update_date": "2023-12-18T12:01:40.506000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.echelon.com/"
},
{
"title": "Patch for EchelonSmartServer1, SmartServer2 and i.LON100 Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/139863"
},
{
"title": "Echelon SmartServer 1 , SmartServer 2 and i.LON 100 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82591"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "NVD",
"id": "CVE-2018-10627"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-200-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10627"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10627"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "VULHUB",
"id": "VHN-120405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"db": "VULHUB",
"id": "VHN-120405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"date": "2018-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-120405"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"date": "2018-07-24T17:29:00.260000",
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"date": "2018-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18594"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120405"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008788"
},
{
"date": "2019-10-09T23:32:57.040000",
"db": "NVD",
"id": "CVE-2018-10627"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer 1 , SmartServer 2 with i.LON 100 Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2fa0de2-39ab-11e9-b60f-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1797"
}
],
"trust": 0.6
}
}
VAR-201807-1688
Vulnerability from variot - Updated: 2023-12-18 12:01
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product. The text therefore both lists i.LON 600 among the affected products and states that it is not affected, while the CPE configuration in this record marks i.LON 600 firmware as vulnerable; confirm the affected models against the referenced ICS-CERT advisory (ICSA-18-200-03). Echelon SmartServer and i.LON products contain an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Echelon SmartServer 1, SmartServer 2 and i.LON 100 are products of Echelon Corporation of the United States. Echelon SmartServer 1 and SmartServer 2 are multi-function controllers that support building automation control and enterprise energy management. i.LON 100 is a web server that is primarily used to configure and monitor LonWorks devices.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1688",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartserver 2",
"scope": "lt",
"trust": 1.8,
"vendor": "echelon",
"version": "4.11.007"
},
{
"model": "i.lon 600",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 100",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 100",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 600",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "1"
},
{
"model": "smartserver \u003crelease",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "24.11.007"
},
{
"model": "i.lon",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "100"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i lon 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i lon 600",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.11.007",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:i.lon_100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:i.lon_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:i.lon_600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:i.lon_600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8859"
}
]
},
"cve": "CVE-2018-8859",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8859",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18593",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-138891",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8859",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8859",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-18593",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1793",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-138891",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "VULHUB",
"id": "VHN-138891"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product. Echelon SmartServer and i.LON Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EchelonSmartServer1, SmartServer2 and i.LON100 are products of Echelon Corporation of the United States. EchelonSmartServer1 and SmartServer2 are multi-function controllers that support building automation control and enterprise energy management. i.LON100 is a web server that is primarily used to configure and monitor LonWorks devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138891"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8859",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-200-03",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1793",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-18593",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FA0DE1-39AB-11E9-A35E-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138891",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "VULHUB",
"id": "VHN-138891"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"id": "VAR-201807-1688",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "VULHUB",
"id": "VHN-138891"
}
],
"trust": 1.73333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18593"
}
]
},
"last_update_date": "2023-12-18T12:01:40.538000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.echelon.com/"
},
{
"title": "EchelonSmartServer1, SmartServer2 and i.LON100 authentication bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/139871"
},
{
"title": "Echelon SmartServer 1 , SmartServer 2 and i.LON 100 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82587"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138891"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "NVD",
"id": "CVE-2018-8859"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-200-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8859"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8859"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "VULHUB",
"id": "VHN-138891"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"db": "VULHUB",
"id": "VHN-138891"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "IVD",
"id": "e2fa0de1-39ab-11e9-a35e-000c29342cb1"
},
{
"date": "2018-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-138891"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"date": "2018-07-24T17:29:00.430000",
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"date": "2018-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18593"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138891"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008467"
},
{
"date": "2019-10-09T23:42:58.207000",
"db": "NVD",
"id": "CVE-2018-8859"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer and i.LON Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008467"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1793"
}
],
"trust": 0.6
}
}
VAR-201807-1686
Vulnerability from variot - Updated: 2023-12-18 12:01
Affected products: Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. Echelon SmartServer and i.LON contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Echelon SmartServer 1 and the other listed devices are products of Echelon Corporation of the United States. The Echelon SmartServer 1 is a versatile controller that supports building automation control and enterprise energy management. The i.LON 100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in several Echelon products. The sources aggregated in this record classify the weakness as CWE-522 and CWE-255 and do not agree on severity (NVD: CVSS v3 9.8 and CVSS v2 5.0; CNVD: CVSS v2 10.0), so compare the per-source scores in the details below when prioritising remediation.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartserver 2",
"scope": "lt",
"trust": 1.8,
"vendor": "echelon",
"version": "4.11.007"
},
{
"model": "i.lon 600",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 100",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 100",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 600",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "1"
},
{
"model": "smartserver \u003crelease",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "24.11.007"
},
{
"model": "i.lon",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "100"
},
{
"model": "i.lon",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "600"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i lon 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i lon 600",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.11.007",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:i.lon_100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:i.lon_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:i.lon_600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:i.lon_600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8851"
}
]
},
"cve": "CVE-2018-8851",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8851",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18592",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-138883",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8851",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8851",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-18592",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1795",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-138883",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "VULHUB",
"id": "VHN-138883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. Echelon SmartServer and i.LON Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Echelon SmartServer 1 and so on are products of Echelon Corporation of the United States. The Echelon SmartServer 1 is a versatile controller that supports building automation control and enterprise energy management. The i.LON 100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in several Echelon products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138883"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8851",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-200-03",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1795",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-18592",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F9E6D2-39AB-11E9-8F03-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138883",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "VULHUB",
"id": "VHN-138883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"id": "VAR-201807-1686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "VULHUB",
"id": "VHN-138883"
}
],
"trust": 1.73333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18592"
}
]
},
"last_update_date": "2023-12-18T12:01:40.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.echelon.com/"
},
{
"title": "Patches for multiple Echelon product information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/139879"
},
{
"title": "Multiple Echelon Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82589"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "NVD",
"id": "CVE-2018-8851"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-200-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8851"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8851"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "VULHUB",
"id": "VHN-138883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"db": "VULHUB",
"id": "VHN-138883"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "IVD",
"id": "e2f9e6d2-39ab-11e9-8f03-000c29342cb1"
},
{
"date": "2018-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-138883"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"date": "2018-07-24T17:29:00.353000",
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"date": "2018-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18592"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138883"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008465"
},
{
"date": "2019-10-09T23:42:57.160000",
"db": "NVD",
"id": "CVE-2018-8851"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer and i.LON Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008465"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1795"
}
],
"trust": 0.6
}
}
VAR-201807-1687
Vulnerability from variot - Updated: 2023-12-18 12:01
Affected products: Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. Echelon SmartServer and i.LON contain a cryptographic vulnerability. Information may be acquired or falsified, and a denial of service (DoS) may result. Echelon SmartServer 1 and the other listed devices are products of Echelon Corporation of the United States. The Echelon SmartServer 1 is a versatile controller that supports building automation control and enterprise energy management. i.LON 100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in several Echelon products because the program transmits sensitive information in clear text. An attacker could exploit the vulnerability to replace legacy files and modules with malicious firmware binaries and modules and execute code on the system. The sources aggregated in this record do not agree on severity (NVD: CVSS v3 9.8 and CVSS v2 7.5; CNVD: CVSS v2 10.0), so compare the per-source scores in the details below when prioritising remediation.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1687",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartserver 2",
"scope": "lt",
"trust": 1.8,
"vendor": "echelon",
"version": "4.11.007"
},
{
"model": "i.lon 600",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 100",
"scope": "eq",
"trust": 1.6,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 100",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "i.lon 600",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver 1",
"scope": null,
"trust": 0.8,
"vendor": "echelon",
"version": null
},
{
"model": "smartserver",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "1"
},
{
"model": "smartserver \u003crelease",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "24.11.007"
},
{
"model": "i.lon",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "100"
},
{
"model": "i.lon",
"scope": "eq",
"trust": 0.6,
"vendor": "echelon",
"version": "600"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 1",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartserver 2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i lon 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i lon 600",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:smartserver_2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.11.007",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:smartserver_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:i.lon_100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:i.lon_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:echelon:i.lon_600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:echelon:i.lon_600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8855"
}
]
},
"cve": "CVE-2018-8855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8855",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-138887",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8855",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8855",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-18306",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1794",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-138887",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "VULHUB",
"id": "VHN-138887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. Echelon SmartServer and i.LON Contains a cryptographic vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. EchelonSmartServer1 and other products are products of Echelon Corporation of the United States. The EchelonSmartServer1 is a versatile controller that supports building automation control and enterprise energy management. i.LON100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in several Echelon products that originated in the program transmitting sensitive information in clear text. An attacker could exploit the vulnerability to replace legacy files and modules with malicious firmware binaries and modules and execute code on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138887"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8855",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-200-03",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1794",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-18306",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F998B0-39AB-11E9-90F9-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138887",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "VULHUB",
"id": "VHN-138887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"id": "VAR-201807-1687",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "VULHUB",
"id": "VHN-138887"
}
],
"trust": 1.73333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18306"
}
]
},
"last_update_date": "2023-12-18T12:01:40.603000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.echelon.com/"
},
{
"title": "Patches for multiple Echelon Product Information Disclosure Vulnerabilities (CNVD-2018-18306)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/139839"
},
{
"title": "Multiple Echelon Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82588"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "NVD",
"id": "CVE-2018-8855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-200-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8855"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8855"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "VULHUB",
"id": "VHN-138887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"db": "VULHUB",
"id": "VHN-138887"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-11T00:00:00",
"db": "IVD",
"id": "e2f998b0-39ab-11e9-90f9-000c29342cb1"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"date": "2018-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-138887"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"date": "2018-07-24T17:29:00.400000",
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"date": "2018-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18306"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138887"
},
{
"date": "2018-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008466"
},
{
"date": "2019-10-09T23:42:57.693000",
"db": "NVD",
"id": "CVE-2018-8855"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Echelon SmartServer and i.LON Vulnerabilities related to cryptography",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1794"
}
],
"trust": 0.6
}
}
CVE-2018-8855 (GCVE-0-2018-8855)
Vulnerability from cvelistv5 – Published: 2018-07-24 17:00 – Updated: 2024-09-17 01:10
- CWE-319 - CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-8855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8855",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-09-17T01:10:42.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8851 (GCVE-0-2018-8851)
Vulnerability from cvelistv5 – Published: 2018-07-24 17:00 – Updated: 2024-09-16 19:37
- CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:45.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-8851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8851",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-09-16T19:37:04.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10627 (GCVE-0-2018-10627)
Vulnerability from cvelistv5 – Published: 2018-07-24 17:00 – Updated: 2024-09-16 21:04
- CWE-200 - INFORMATION EXPOSURE CWE-200

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "INFORMATION EXPOSURE CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-10627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10627",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T21:04:33.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8859 (GCVE-0-2018-8859)
Vulnerability from cvelistv5 – Published: 2018-07-24 17:00 – Updated: 2024-09-17 03:48
- CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-8859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8859",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-09-17T03:48:36.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8855 (GCVE-0-2018-8855)
Vulnerability from nvd – Published: 2018-07-24 17:00 – Updated: 2024-09-17 01:10
- CWE-319 - CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-8855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8855",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-09-17T01:10:42.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8851 (GCVE-0-2018-8851)
Vulnerability from nvd – Published: 2018-07-24 17:00 – Updated: 2024-09-16 19:37
- CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:45.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-8851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8851",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-09-16T19:37:04.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10627 (GCVE-0-2018-10627)
Vulnerability from nvd – Published: 2018-07-24 17:00 – Updated: 2024-09-16 21:04
CWE-200 - INFORMATION EXPOSURE
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "INFORMATION EXPOSURE CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-10627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10627",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T21:04:33.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8859 (GCVE-0-2018-8859)
Vulnerability from nvd – Published: 2018-07-24 17:00 – Updated: 2024-09-17 03:48
CWE-288 - AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Echelon | SmartServer 1 | Affected: all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-8859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8859",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-09-17T03:48:36.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}