PT-2018-18663 · Echelon · Echelon I.Lon 100+3
Daniel Crowley
·
Published
2018-07-24
·
Updated
2026-06-02
·
CVE-2018-8851
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Echelon SmartServer 1 versions all
Echelon SmartServer 2 versions prior to 4.11.007
Echelon i.LON 100 versions all
Echelon i.LON 600 versions all
Description
The issue concerns the storage of passwords in plaintext, which could allow an attacker with access to the configuration file to log into the SmartServer web user interface.
Recommendations
For Echelon SmartServer 1, update the configuration to securely store passwords.
For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later.
For Echelon i.LON 100, consider implementing additional security measures to protect access to the configuration file.
For Echelon i.LON 600, restrict access to the configuration file to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Echelon Smartserver 1
Echelon Smartserver 2
Echelon I.Lon 100
Echelon I.Lon 600