PT-2018-10014 · Echelon · Echelon Smartserver 2+2

Daniel Crowley

Published

2018-07-24

Updated

2019-10-09

CVE-2018-10627

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all

Description The issue allows an attacker to use the SOAP API to retrieve and change sensitive configuration items, including usernames and passwords for the Web and FTP servers.

Recommendations For Echelon SmartServer 1, update to a version that is not specified as there is no information on a fixed version. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later. For Echelon i.LON 100, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-10627

Affected Products

Echelon Smartserver 1

Echelon Smartserver 2

Echelon I.Lon 100

PT-2018-10014 · Echelon · Echelon Smartserver 2+2

CVE-2018-10627

Weakness Enumeration

Related Identifiers

Affected Products

References · 3