Back to search
CVE-2018-8859
Published: Jul 24, 2018
Modified: Jun 2, 2026
PUBLISHED
Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.
| Vendor | Product | Versions |
|---|---|---|
Echelon | SmartServer 1 | affected all versions |
Echelon | SmartServer 2 | affected all versions prior to release 4.11.007 |
Echelon | i.LON 100 | affected all versions |
Echelon | i.LON 600 | affected all versions |
Weaknesses (CWE)
References
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now