Vulnerability Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Echelon | Smartserver 1 Firmware | - |
| Echelon | Smartserver 1 | - |
| Echelon | Smartserver 2 Firmware | < 4.11.007 |
| Echelon | Smartserver 2 | - |
| Echelon | I.Lon 100 Firmware | - |
| Echelon | I.Lon 100 | - |
| Echelon | I.Lon 600 Firmware | - |
| Echelon | I.Lon 600 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-8859?
CVE-2018-8859 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specifi...
How severe is CVE-2018-8859?
CVE-2018-8859 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-8859?
Check the references section above for vendor advisories and patch information. Affected products include: Echelon Smartserver 1 Firmware, Echelon Smartserver 1, Echelon Smartserver 2 Firmware, Echelon Smartserver 2, Echelon I.Lon 100 Firmware.