Search criteria
2 vulnerabilities by Echelon
CVE-2018-8851 (GCVE-0-2018-8851)
Vulnerability from cvelistv5 – Published: 2018-07-24 17:00 – Updated: 2024-09-16 19:37
VLAI?
Summary
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.
Severity ?
No CVSS data available.
CWE
- CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Echelon | SmartServer 1 |
Affected:
all versions
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:45.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-8851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8851",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-09-16T19:37:04.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10627 (GCVE-0-2018-10627)
Vulnerability from cvelistv5 – Published: 2018-07-24 17:00 – Updated: 2024-09-16 21:04
VLAI?
Summary
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.
Severity ?
No CVSS data available.
CWE
- CWE-200 - INFORMATION EXPOSURE CWE-200
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Echelon | SmartServer 1 |
Affected:
all versions
|
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartServer 1",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "SmartServer 2",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions prior to release 4.11.007"
}
]
},
{
"product": "i.LON 100",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "i.LON 600",
"vendor": "Echelon",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2018-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "INFORMATION EXPOSURE CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T16:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-10627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartServer 1",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SmartServer 2",
"version": {
"version_data": [
{
"version_value": "all versions prior to release 4.11.007"
}
]
}
},
{
"product_name": "i.LON 100",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "i.LON 600",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Echelon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INFORMATION EXPOSURE CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10627",
"datePublished": "2018-07-24T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T21:04:33.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}