Vulnerability Details CVE-2018-8851
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2018-8851
-
cpe:2.3:h:echelon:i.lon_100:-
-
cpe:2.3:h:echelon:i.lon_600:-
-
cpe:2.3:h:echelon:smartserver_1:-
-
cpe:2.3:h:echelon:smartserver_2:-
-
cpe:2.3:o:echelon:i.lon_100_firmware:-
-
cpe:2.3:o:echelon:i.lon_600_firmware:-
-
cpe:2.3:o:echelon:smartserver_1_firmware:-
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.06.048
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.06.057
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.07
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.07.018
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.08.012
-
cpe:2.3:o:echelon:smartserver_2_firmware:4.10.011