Vulnerability Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Echelon | Smartserver 1 Firmware | - |
| Echelon | Smartserver 1 | - |
| Echelon | Smartserver 2 Firmware | < 4.11.007 |
| Echelon | Smartserver 2 | - |
| Echelon | I.Lon 100 Firmware | - |
| Echelon | I.Lon 100 | - |
| Echelon | I.Lon 600 Firmware | - |
| Echelon | I.Lon 600 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-8855?
CVE-2018-8855 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, ...
How severe is CVE-2018-8855?
CVE-2018-8855 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-8855?
Check the references section above for vendor advisories and patch information. Affected products include: Echelon Smartserver 1 Firmware, Echelon Smartserver 1, Echelon Smartserver 2 Firmware, Echelon Smartserver 2, Echelon I.Lon 100 Firmware.