CVE-2018-10627
9.8 CRITICALEchelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions
Published: 2018-07-24 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-200
Affected products
| Vendor | Product |
|---|---|
| echelon | i.lon_100_firmware, smartserver_1_firmware, smartserver_2_firmware |
Description
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2018-8859 — Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions (9.8 CRITICAL)
- CVE-2018-8855 — Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions (9.8 CRITICAL)
- CVE-2018-8851 — Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions (9.8 CRITICAL)
Same CWE
- CVE-2026-12203 — A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215 (5.3 MEDIUM)
- CVE-2026-49397 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)
- CVE-2026-47124 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
- CVE-2026-54396 — An information disclosure vulnerability exists in the MISP AuthKey edit functionality
- CVE-2026-47264 — Discourse is an open-source discussion platform (5.3 MEDIUM)