4 matches found
CVE-2018-10627
CVE-2018-10627 affects Echelon SmartServer 1 (all versions), SmartServer 2 (all versions before 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions; not affecting i.LON 600 per some sources). The flaw enables information disclosure via the SOAP API, allowing an attacker to retrieve a...
CVE-2018-8855
The CVE-2018-8855 entry involves Echelon SmartServer 1 (all versions), SmartServer 2 (all versions before 4.11.007), i.LON 100 (all versions), and i.LON 600 (all versions). The vulnerability stems from cleartext transmission: devices allow unencrypted Web connections by default and can receive co...
CVE-2018-8851
CVE-2018-8851 affects Echelon SmartServer 1, SmartServer 2 (before 4.11.007), i.LON 100, and i.LON 600. The root cause is unprotected storage of credentials: passwords are stored in plaintext in configuration files, enabling an attacker with access to the config to log into the SmartServer web UI...
CVE-2018-8859
CVE-2018-8859 affects Echelon SmartServer 1, SmartServer 2 (before 4.11.007) and i.LON 100; i.LON 600 is not affected. The issue allows bypassing required authentication by appending extra characters to a directory name when selecting a directory, effectively bypassing security configured in the ...