CVE-2018-8855

Name of the Vulnerable Software and Affected Versions Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all Echelon i.LON 600 versions all

Description The issue concerns the default configuration of the devices, which allows unencrypted Web connections. Additionally, the devices can receive configuration and firmware updates via unsecure FTP.

Recommendations For Echelon SmartServer 1, update the configuration to use encrypted Web connections and secure FTP for updates. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later to address the issue. For Echelon i.LON 100, consider disabling unencrypted Web connections and unsecure FTP updates until a secure configuration can be implemented. For Echelon i.LON 600, restrict the use of unsecure FTP for configuration and firmware updates until a secure alternative is available.