GCVE - cpe:2.3:a:echelon:i.lon_100:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:echelon:i.lon_100:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Echelon (`072051df-f9ea-54e5-b99f-0caeb5f327c1`)
Product	I.Lon 100 (`7432b3b2-7df7-5ae4-8283-914ec682b297`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-8859`	vulnerable	2026-06-08 05:12:06.587493	Details available Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product. Published: 2018-07-24T17:00:00.000Z Updated: 2026-06-02T19:43:22.063Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-8855`	vulnerable	2026-06-08 05:12:06.580004	Details available Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. Published: 2018-07-24T17:00:00.000Z Updated: 2026-06-02T19:53:51.367Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-8851`	vulnerable	2026-06-08 05:12:06.566139	Details available Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. Published: 2018-07-24T17:00:00.000Z Updated: 2026-06-02T19:58:52.622Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10627`	vulnerable	2026-06-08 05:10:35.217579	Details available Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product. Published: 2018-07-24T17:00:00.000Z Updated: 2026-06-02T19:30:36.124Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-18-200-03	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.