Vulnerability Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Echelon | Smartserver 1 Firmware | - |
| Echelon | Smartserver 1 | - |
| Echelon | Smartserver 2 Firmware | < 4.11.007 |
| Echelon | Smartserver 2 | - |
| Echelon | I.Lon 100 Firmware | - |
| Echelon | I.Lon 100 | - |
| Echelon | I.Lon 600 Firmware | - |
| Echelon | I.Lon 600 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-8851?
CVE-2018-8851 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow ...
How severe is CVE-2018-8851?
CVE-2018-8851 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-8851?
Check the references section above for vendor advisories and patch information. Affected products include: Echelon Smartserver 1 Firmware, Echelon Smartserver 1, Echelon Smartserver 2 Firmware, Echelon Smartserver 2, Echelon I.Lon 100 Firmware.