Vulnerability Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Echelon | Smartserver 1 Firmware | All versions |
| Echelon | Smartserver 1 | - |
| Echelon | Smartserver 2 Firmware | < 4.11.007 |
| Echelon | Smartserver 2 | - |
| Echelon | I.Lon 100 Firmware | All versions |
| Echelon | I.Lon 100 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10627?
CVE-2018-10627 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change se...
How severe is CVE-2018-10627?
CVE-2018-10627 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-10627?
Check the references section above for vendor advisories and patch information. Affected products include: Echelon Smartserver 1 Firmware, Echelon Smartserver 1, Echelon Smartserver 2 Firmware, Echelon Smartserver 2, Echelon I.Lon 100 Firmware.