CVE-2018-8851

Name of the Vulnerable Software and Affected Versions Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all Echelon i.LON 600 versions all

Description The issue concerns the storage of passwords in plaintext, which could allow an attacker with access to the configuration file to log into the SmartServer web user interface.

Recommendations For Echelon SmartServer 1, update the configuration to securely store passwords. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later. For Echelon i.LON 100, consider implementing additional security measures to protect access to the configuration file. For Echelon i.LON 600, restrict access to the configuration file to minimize the risk of exploitation.