CVE-2018-8855

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:echelon:smartserver_1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:echelon:smartserver_1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:echelon:smartserver_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:echelon:smartserver_2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:echelon:i.lon_100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:echelon:i.lon_100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:echelon:i.lon_600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:echelon:i.lon_600:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-24 17:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-8855

Mitre link : CVE-2018-8855

CVE.ORG link : CVE-2018-8855


JSON object : View

Products Affected

echelon

  • smartserver_1
  • i.lon_600_firmware
  • smartserver_2
  • i.lon_100_firmware
  • i.lon_600
  • i.lon_100
  • smartserver_1_firmware
  • smartserver_2_firmware
CWE
CWE-319

Cleartext Transmission of Sensitive Information