CVE-2018-10627

Name of the Vulnerable Software and Affected Versions Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all

Description The issue allows an attacker to use the SOAP API to retrieve and change sensitive configuration items, including usernames and passwords for the Web and FTP servers.

Recommendations For Echelon SmartServer 1, update to a version that is not specified as there is no information on a fixed version. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later. For Echelon i.LON 100, at the moment, there is no information about a newer version that contains a fix for this vulnerability.