Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:echelon:smartserver_2_firmware:4.08.012:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-8859 |
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product. Published: July 24, 2018; 1:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-8855 |
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. Published: July 24, 2018; 1:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-8851 |
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. Published: July 24, 2018; 1:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2018-10627 |
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product. Published: July 24, 2018; 1:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 6.4 MEDIUM |