EUVD-2018-20467

Malware in sbrugna...

EUVD-2018-2699

Malware in sbrugna...

CVE-2022-3089

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...

Design/Logic Flaw

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...

CVE-2022-3089

The CVE-2022-3089 entry maps to EnOcean/Echelon SmartServer 2.2 with i.LON Vision 2.2, where cleartext credentials are stored in a file. This allows an attacker who retrieves that file to obtain usernames and passwords and potentially take control of the SmartServer’s web UI and FTP server. Publi...

EnOcean SmartServer

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: EnOcean Edge Inc, a subsidiary of EnOcean GmbH Equipment: SmartServer with i.LON Vision Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

Echelon i.LON Detection

Detection of Echelon i.LON devices. The script sends a connection request to the server and attempts to detect Echelon i.LON devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2018-10627

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...

CVE-2018-8851

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface...

Design/Logic Flaw

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when...

Default configuration

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP...

CVE-2018-8859

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when...

Design/Logic Flaw

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface...

Code injection

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...

CVE-2018-8851

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface...

CVE-2018-8855

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP...

CVE-2018-8859

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when...

CVE-2018-10627

CVE-2018-10627 affects Echelon SmartServer 1 (all versions), SmartServer 2 (all versions before 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions; not affecting i.LON 600 per some sources). The flaw enables information disclosure via the SOAP API, allowing an attacker to retrieve a...

CVE-2018-8855

The CVE-2018-8855 entry involves Echelon SmartServer 1 (all versions), SmartServer 2 (all versions before 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions). The vulnerability stems from cleartext transmission: devices allow unencrypted Web connections by default and can receive co...

CVE-2018-8851

CVE-2018-8851 affects Echelon SmartServer 1, SmartServer 2 (before 4.11.007), i.LON 100, and i.LON 600. The root cause is unprotected storage of credentials: passwords are stored in plaintext in configuration files, enabling an attacker with access to the config to log into the SmartServer web UI...