Vulnerability Details CVE-2018-10627
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.4
References
Products affected by CVE-2018-10627
-
cpe:2.3:h:echelon:i.lon_100:-
-
cpe:2.3:h:echelon:smartserver_1:-
-
cpe:2.3:h:echelon:smartserver_2:-
-
cpe:2.3:o:echelon:i.lon_100_firmware:-
-
cpe:2.3:o:echelon:smartserver_1_firmware:-
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.06.048
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.06.057
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.07
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.07.018
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.08.012
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.10.011